1G, 2G, 3G, 3G+ - A look back and forward at the pandemic hurdle race of employers and employees

December 2021 · Estimated read time: mins

Wie gestaltet sich die 3G-Nachweispflicht in Betrieben und kann 2G eine Alternative sein?

"SME association calls for 2G in the workplace." ticked it recently over the relevant news portals and also from the Ministries of Justice of the Federal States one hears visibly the demand to at least consider “2G” regulations in German enterprises, thus only allowing vaccinated (“Geimpft”) or recovered (Genesen”) employees to come to work. The association of small and medium-sized enterprises in particular justifies its approach primarily with the high administrative and financial hurdles that the current 3G regulations entail in companies as they have to constantly check on test certificates to monitor whether employees tested negative for Sars-CoV2 (“Getestet”). And the legislator is also already reacting: at least for employees in healthcare professions and professions that care for people in need of care and people with disabilities, a general vaccination obligation will apply from March 15, 2022.

Against this backdrop, we look back at initial experiences with the mandatory 3G obligation to provide evidence in German workplaces, consider potential problem areas, and also ask whether 2G regulations could be a viable way forward.

What does the 3G regulation actually mean?

The 3G introduced by Section 28b of the Infection Protection Act (Infektionsschutzgesetz, in short IfSG) establishes a restriction on the right to enter the workplace and places a legal duty on the employer to carry out checks. Employers and employees may only enter workplaces where physical contact between employers and employees or with third parties cannot be ruled out if they are vaccinated, recovered or tested ("3G") and carry appropriate proof with them available for inspection or have deposited it with the employer.

Who is to be checked?

In principle, all employees who want to enter the workplace must be checked. The Federal Ministry of Labor and Social Affairs (BMAS) is of the opinion that employees in the field who do not enter their own workplace but the workplace of third parties must also be equipped with a 3G certificate. This is argued, on the one hand, with the purpose of the IfSG to protect the entire population and, on the other hand, that the concept of the relevant workplace is not limited, according to its wording, to the employer's workplace. 

In our view, however, a different interpretation of the regulation is not necessarily excluded. Apart from legal arguments, there are also practical hurdles in favor of not simply requiring an obligation on the part of the employer to carry out inspections. For example, it may be difficult for employers to carry out the required checks on employees who are absent, especially if they have not provided permanent proof of their 3G status. Purely digital visual checks via video chat etc. are conceivable, but they hardly provide the same security as on-site checks in presence.  

In any case, employers are caught in a conflict: If they do not carry out checks, they risk violations of infection control law and, alternatively, of data protection law if they carry out excessive checks. In any case, one way out could be the employee's consent under data protection law to check theit 3G status. 

This also applies to third parties (such as suppliers) who have to enter the workplace. Here, too, the employer of the third party has the duty to check, even if employers are generally free to establish 3G regulations (or even a stricter regime) regarding the access of third parties within the scope of their domiciliary rights.

How to check?

  • Visual inspection

Due to the data protection law requirement of data minimization, the inspection should be limited to a visual inspection. Here, too, the only thing to be documented in the most data-reduced manner possible is the fact that the employee has provided proof. This documentation should not even indicate what type of proof has been provided. 

If the employee is unknown to the controlling employer (or the person in charge of the control), an additional visual comparison of the 3G proof with a company ID card or an official identification document is obvious. However, caution should be exercised here as well. The IfSG only requires the presentation of the 3G evidence itself. Whether this also includes the presentation of an identification document cannot be answered unambiguously without further ado. The argument against this is that, due to the employee's duty of loyalty, the employer can assume that the employee will not present false 3G proof. 

Despite the restraint required due to data protection requirements, employers can use the data collected during 3G inspections to adapt their hygiene concepts and thus improve occupational health and safety. This is made possible by the newly introduced Section 28b (3) IfSG via an explicit and permissible change of purpose of the collected data. Section 22 (2) Federal Data Protection Act applies accordingly.

  • Deposit of the vaccination certificate

Procedures are simplified if employees are willing to deposit their proof of vaccination or convalescence. However, there is no obligation to do so. Employees already satisfy the obligations to be checked under Section 28b (1) IfSG if they carry sufficient proof with them or merely keep it available for checking purposes. However, employees often have the understandable wish to only have to provide proof once in order to avoid or shorten the daily access checks. However, the employer should not be too quick to accept this offer, because here, too, there are hurdles under data protection law that must first be overcome. 

The prerequisite is the explicit and informed consent of the employee. A pitfall here can be that the employer - despite the fact that consent is in principle free of form - bears the burden of proof regarding the existence of such consent. Employers should therefore ensure that a "paper trail" exists. In any case, each employee is free to revoke the consent to the storage of his or her vaccination status at any time without giving reasons. The employee must also be informed of this, with appropriate documentation.

  • Deletion periods

Finally, Section 28b (3) IfSG also regulates when the employer must dispose of the data collected in connection with the 3G checks. This data must be deleted at the latest at the end of the sixth month after it was collected. The provisions of general data protection law remain unaffected, which is why the data must be deleted immediately if, among other things, there is no longer a legitimate interest in storing it (e.g. when employees leave the company). Once recorded and stored, the vaccination or convalescent status should also be deleted if it is no longer meaningful. Recent statements by political decision-makers may suggest that the latter could be the case as early as six months after the second vaccination has been completed and without an additional booster vaccination.

Who is allowed to check?

  • Persons authorized to check

Particularly in the case of larger companies, it is obvious that the checks are carried out by other persons within the company's own staff as part of a delegation. These employees would then have to be obligated to maintain confidentiality in dealing with health data and be sensitized to the handling of personal data. Employers are advised to develop appropriate written work instructions for the persons authorized to carry out the checks, in which the data protection-compliant handling of the control documentation is described clearly and comprehensibly.

  • Third party control

One question that unites both the large industrial company with factory access controls performed by third-party companies and the young start-up sharing the reception area and resources of the co-working space is the one about third-party control of 3G evidence. This is possible in principle, but care must be taken to ensure that the data protection requirements for a proper data processing agreement are met with the third parties who are to perform the checks. Existing agreements should be reviewed and, if necessary, adapted.

  • Works council?

In principle, only the persons authorized by the employer to carry out checks may inspect the evidence. This also includes the lists kept for check documentation. This raises the question of whether works councils have a right to inspect the lists. Data protection authorities in the states stress the position that inspection is reserved solely for "persons authorized to carry out inspections" (see, among other things, the statement of the State Representative for Data Protection and Freedom of Information of Baden-Wuerttemberg dated November 27, 2021). In contrast, however, it is also an express duty of employee representatives to monitor the protection of the personal rights of employees (cf. Section 75 (2) BetrVG). For employers in particular, this is an awkward situation, to say the least, between proper involvement of the works council and compliance with data protection law. In this respect, access should only be permitted with restraint and under strict conditions in individual cases.

What's next? 2G in companies as an alternative?

In view of the personnel, financial and administrative effort associated with 3G checks, and in particular the test certificates, the question raised at the beginning of this article as to whether the introduction of 2G access restrictions for companies could be a solution arises. 


As shown, employers can regularly restrict the access of third parties by means of their domiciliary rights. With regard to their own employees, however, this is more complicated under the current legal situation and in view of the fact that vaccination is not (yet) mandatory by law. Trade unions such as IG Metall in particular are postulating these days that 2G in the company would be equivalent to the introduction of such a vaccination obligation. The argument against this, however, is that employees - without a statutory vaccination requirement and in contrast to the current 3G concept - could in principle continue to claim their pay even if they refused to present proof of 2G and thus in any case no financially coercive effect would arise. It is difficult to argue under the current legal situation that the offer of an employee who cannot or does not wish to present 2G proof is not in line with the contract and that the employer is therefore not in default of acceptance triggering continued payment of remuneration: Despite the omnipresent discussion about a vaccination obligation, at present it is probably not possible to derive any (secondary) obligation of employees from the employment contract to ensure sufficient immunization against COVID-19.


Employers who would be willing to bear this financial burden, however, have another point to consider: the employee basically has a legitimate interest in his actual employment in the existing employment relationship. To enforce the same, case law has developed a claim of the employee to employment in accordance with the contract: The employee should - as an expression of and in respect for his personality and his right to develop - not "only" be paid, but also actually be able to work.


In this context, a decision of the Labor Court of Bonn of November 15, 2021 (Case No. 5 BVGa 8/21) is worthy of note. There, a works council member had appealed against the central works council, which wanted to hold a works council meeting only under 2G access regulations. The works council member sought interim legal protection to ensure access to the meeting even without 2G evidence (but with a negative PCR test). The court ruled in favor of the petitioning member for the time being, arguing that the requirement of 2G proof unreasonably interferes with the right to freely exercise a mandate under Section 78 of the Works Council Constitution Act (BetrVG). In any case, it does not seem unlikely that the court would have ruled similarly in the case of an employee's employment claim against his employer. 

However, the employment claim does not apply indefinitely either. Should the constellation arise in an individual case that the employer feels compelled to introduce a 2G concept due to external pressure, it is therefore at least not ruled out from the outset that the employment claim must take a back seat to the employer's justified interest in avoiding conflicts. 

Under the current legal situation, the introduction of a 2G concept by the employer is associated with obstacles and risks. It remains to be seen whether the legislature will still take action here (possibly even going further) (and, for example, like New York City, introduce compulsory vaccination for all employees who perform their work in a presence setting as part of a 1G model). At least in part, this has currently happened: On December 10, 2021, a mandatory vaccination requirement, effective March 15, 2022, for employees in health care professions and professions caring for persons in need of care and persons with disabilities was passed by the German Bundestag and Bundesrat. Exceptions to this are only provided for in cases of medical contraindication.

In addition, the call for company 2G regulations could in any case be overtaken by the general obligation to vaccinate, which is currently under discussion. For employers and employees, too, it therefore remains exciting to see how many "Gs" they will have to adjust to in the future.

Subscribe to our newsletter