Overview
- From January 1, 2026, Elliptic Curve Cryptography is mandatory in the health telematics network and RSA‑2048 may no longer be used, according to the Bundesnetzagentur.
- The KBV reports more than 50,000 outdated electronic professional IDs, with additional upgrades needed for SMC‑B practice cards, card terminals and Konnektoren, and a provider’s missing interface is blocking certificate confirmations cited by the medical chamber.
- The KBV has asked the Bundesnetzagentur to allow RSA-based physician signatures until mid‑2026, while Gematik is holding to the cutoff on security grounds.
- Without ECC-capable IDs, practices cannot issue e‑prescriptions, electronic sick notes or digital doctor letters and would fall back to paper, with the extent of any disruption hinging on the regulator’s pending decision.
- Separately, the Bundestag approved ePA changes that keep billing data visible only to insured persons and reauthorize video-ident for activation, prompting security concerns alongside usability hopes.