Coronavirus COVID-19

FAQ - Infection Protection Act (new) - What employers must observe from 24 November 2021

Published on 24th Nov 2021

The new Infection Protection Act (Infektionsschutzgesetz - IfSG) adopted to combat the pandemic was promulgated in the Federal Law Gazette on 23 November 2021 and thus comes into force on 24 November 2021. The new Infection Protection Act entails the following new obligations for employers and employees:

1. Home office obligation - § 28b para. 4 IfSG (new)

In the case of office work or comparable activities, the employer must again offer its employees the opportunity to work from home if there are no compelling operational reasons to the contrary. The employer must document the reasons why the employee cannot work from home. Examples: Secondary activities associated with an office job, such as processing and distributing incoming mail, processing incoming and outgoing goods, counter services for customer and employee contacts that are still necessary, issuing materials, repair and maintenance tasks (e.g. IT service), caretaker services and emergency services to maintain operations, possibly also ensuring first aid in the company. Special requirements of data protection according to the General Data Protection Regulation (Datenschutz-Grundverordnung – DS-GVO) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and the protection of trade secrets may also speak against working from home. Technical or organisational reasons, such as the unavailability of required IT equipment, necessary changes in work organisation or insufficient qualification of the employees concerned, can usually only be cited temporarily until the reason for prevention is eliminated.

This corresponds to the employee's obligation to accept this offer, unless there are reasons to the contrary. However, the reasons to be given by the employee are not subject to high requirements. Examples: Lack of space, distractions by third parties or inadequate equipment. Employers should ask their employees to state the reasons for refusal. 

2. "3G" in the workplace - § 28b para. 1 IfSG (new)

Entering the workplace is only permitted with "3G proof". Employees may therefore only enter the workplace if they have been vaccinated, recovered or tested. The employer must check this by means of 

  • a vaccination certificate,
  • a certificate of recovery or 
  • an official test certificate.

This regulation applies to all workplaces where physical contact between employers and employees or with third parties cannot be excluded, regardless of the activity performed.

Entering the workplace without carrying "3G proof" is only allowed in order to take advantage of a test offer or a vaccination offer from the employer immediately before starting work. Thus, from 24 November 2021, testing will be compulsory for unvaccinated employees or employees without proof of recovery.

These regulations can be even more differentiated depending on the federal state. 

3. Valid 3G evidence - § 28b para. 1 IfSG (new) i.V.m. § 2 COVID-19-SchAusahmV

3.1 Evidence of vaccination shall only be considered to be evidence of full immunisation against SARS-CoV-2 coronavirus if the vaccination was carried out with one or more recognised vaccines and either

  • consists of a number of vaccine doses required for a complete protective vaccination and at least 14 days have elapsed since the last required single vaccination, or
  • in a recovered person consists of one administered dose of vaccine.

3.2 Only evidence of a previous infection with the SARS-CoV-2 coronavirus is considered proof of recovery if the underlying test was performed at least 28 days and a maximum of 6 months ago.

3.3 Only the following are considered as test certificate

  • a test carried out in the workplace under supervision
    A self-administered test performed by the employee without supervision is therefore not sufficient. The supervising persons must check whether the respective employee performs the test procedure properly according to the instructions for use of the test used. The supervising persons must be instructed accordingly by the employer. The instruction should also address the infection protection measures required for testing under supervision for all participants (e.g. wearing an FFP2 or surgical mask, regular ventilation of the room, maintaining a distance of 1.5 metres).
  • an operational test by trained employees
    The trained employees can acquire the necessary knowledge through training by the company doctor or the health insurance funds, DRK (Deutsches Rotes Kreuz) and other providers.
  • a test carried out by a professional service provider. 

The tests must have been carried out no more than 24 hours previously (for PCR tests no more than 48 hours).

4. Employer's duty to inform

The employer has the duty to inform his employees about the access regulations (cf. point 2 and point 3). The employer should also inform his employees that carrying the 3G certificate is in their own interest, as a fine may be imposed on the employees themselves in case of non-compliance.

5. Duties of cooperation of the employees

Employees are obliged to carry a 3G certificate, i.e. a vaccination certificate, a recovery certificate or a test certificate (cf. point 3.), to keep it available for inspection or to deposit it with the employer.

In the event that an employee is unable or unwilling to provide proof of vaccination or recovery, the employee shall be obliged to provide proof of testing (cf. para. 3.3).

If it is not possible for the employee to work from home (cf. section 1), but the employee refuses to provide the required 3G proof of entry to the workplace, the employee must expect loss of pay, a warning and, in the case of repetition, possibly also dismissal due to the violation of ancillary duties under the employment contract.

6. Duty of the employer to offer a test

Under the SARS-CoV-2 Occupational Health and Safety Regulation (SARS-CoV-2-Arbeitsschutzverordnung), which remains in force (initially limited until 
19 March 2022), employers must continue to offer an approved selftest free of charge at least twice per calendar week. This may be waived for vaccinated and recovered employees. Only if such a test is carried out under supervision immediately after entering the workplace will it count as 3G evidence under the new legal regulation.

However, employers are not obliged to offer employees who are neither vaccinated nor recovered a test to prove that they are not infected with Corona under the new 3G regulation. Employees are generally responsible for ensuring that they can provide valid 3G evidence on a daily basis.

In all other respects, all employees can make use of the free citizen tests (Bürgertests). According to § 5 para. 1 sentence 2 of the Coronavirus Test Ordinance (Coronavirus-Testverordnung), the citizen tests can be used by asymptomatic persons at least once a week, subject to test capacity.

The time required for testing is not working time and therefore not subject to remuneration. Employees should also allow for time delays due to limited testing capacity when taking citizenship tests.

7. Control and documentation obligations - § 28b para. 3 IfSG (new)

Employers have a duty to monitor compliance with the 3G rules (cf. point 3) on a daily basis and to document it regularly

Employees are required to carry and keep available for inspection one of the 3G statements on a daily basis and to present it at the employer's request. 

Employers may also delegate control to suitable employees or third parties, subject to the requirements of data protection law.

8. Data protection / fines

8.1 Employers may process employee data, including data on vaccination, sero and test status, on the basis of the new Infection Protection Act in order to fulfil their legal duty of inspection, which is linked to access to the workplace (cf. no. 2 and no. 3). Employers may also use the data to adapt the company hygiene concept (§§ 5 and 6 Occupational Safety and Health Act – Arbeitsschutzgesetz), if this is necessary.

However, based on the current version of § 28b IfSG (new), it is unclear in which form and in which way (e.g. screenshot or copy of a 3G proof by email) employers are allowed to collect, i.e. in particular process and store, employees' 3G data.

The wording of the law (§ 28b para. 1 and para. 3 IfSG new) as well as the statements in the report of the main committee of the Bundestag in the legislative procedure speak in favour of the permissibility of processing a 3G proof (e.g. storage of a scan of the vaccination certificate per se) by the employer.

The Federal Ministry of Labour and Social Affairs (Bundesministerium für Arbeit und Soziales – BMAS) states in its FAQs that, in accordance with the principle of data minimisation (Art. 5 para. 1 lit. c) DS-GVO), storage of the 3G evidence should be omitted and is therefore not necessary. According to the BMAS, it is sufficient for the employer to keep a list of names in which it is only noted that the respective employee has provided proof of 3G, as well as the type of proof and, in the case of recovery, the expiry date of the proof of recovery (see BMAS - Betrieblicher Infektionsschutz, section 1.1.13).

Some supervisory authorities have also so far been very critical of the storage of concrete 3G evidence and do not consider it necessary.

8.2 In any case, employers must always comply with data protection law, in particular provide for adequate and specific measures to protect the interests of the persons concerned, i.e. the employees (§ 22 para. 2 BDSG). This includes, among other things, technical and organisational measures for data security. 

8.3 Employers must ensure that unauthorised persons (e.g. third parties or colleagues) cannot gain knowledge of the 3G data collected from employees. Accordingly, employers should develop an access authorisation concept.

8.4 Employers are further obliged to provide employees with all information relating to the processing of 3G data in a precise, transparent, intelligible and easily accessible form in clear and plain language as part of data protection notices (Art. 13, 14 DS-GVO) (Art. 12 para. 1 DS-GVO).

8.5 The data collected by the employer must be deleted at the latest at the end of the 6th month after collection - § 28b para. 3 IfSG (new).

8.6 In the event of violations of the data protection provisions, employers may be fined up to EUR 20 million or, in the case of an enterprise, up to 4% of its total annual worldwide turnover in the preceding business year. It depends on which of the amounts is higher.

We therefore recommend that employers implement a data protection-compliant process for fulfilling their control and documentation obligations under the new Infection Protection Act in the company as soon as possible.

9. Co-determination of the works council 

The design of access control in the company within the framework of the legal requirements is subject to co-determination (§ 87 para. 1 no. 1 Works Council Constitution Act – Betriebsverfassungsgesetz). In this respect, the (local) works councils must be involved at short notice.

10. Fines (also for employees) 

Employees who enter the workplace without a valid 3G certificate as well as employers who do not comply with their control obligations must expect fines of up to EUR 25,000 per violation (§ 73 para. 1a no. 11b and no. 11d in conjunction with para. 2 IfSG new).

11. External staff

In the case of external staff (e.g. freelancers, external service providers), even the 2G rule (i.e. only vaccinated or recovered) can be applied. This is because, in contrast to the company's own employees, there is no relationship of superiority/subordination here, so that no indirect obligation to vaccinate is established (this would be inadmissible according to the current legal situation).

The control obligations of § 28b para. 3 IfSG do not apply to external staff (the regulation only covers own "employees"), but the employer has a duty to protect his employees. He must therefore prevent his employees from coming into contact with unvaccinated/untested third parties within the office premises as far as possible. This is because these persons pose an increased risk of infection.

In the case of the 3G rule, the duty of inspection can be transferred to the external service provider, for example, and a corresponding confirmation can be obtained (this should be kept for documentation purposes in the case of official inspections). If the 2G rule is introduced for external service providers, the vaccination/recovery certificates should be checked and documented. Here, the data protection requirements according to the DS-GVO and the BDSG must also be observed.

According to § 2, para. 2, and 3 ArbSchG, temporary workers are comparable to employees of the lessee and therefore also considered "employees" within the meaning of § 28b para. 3 IfSG, In addition to the contractual employer, the lessee, in whose company the temporary workers are integrated, must also comply with the control obligations of the 3G rule.

Interested in hearing more from Osborne Clarke?

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Connect with one of our experts

Interested in hearing more from Osborne Clarke?

Related articles