The No Vaccine Passports Act (H.R. 121) bars federal agencies from issuing vaccine passports, vaccine passes, or any standardized documentation that certifies a U.S. citizen’s COVID‑19 vaccination status to third parties. It also prohibits agencies from publishing or sharing COVID‑19 vaccination records or similar health information about U.S. citizens and cross-references the statutory definition of “agency.”
Separately, the bill makes proof of COVID‑19 vaccination ineligible as a condition for accessing Federal property or Federal services, including congressional grounds and services. For compliance officers and agency leaders this removes a potential administrative tool and creates immediate operational questions about record handling, access control, and coordination with public‑health data systems.
At a Glance
What It Does
The bill forbids any entity meeting the statutory definition of an 'agency' under 5 U.S.C. §551 from issuing vaccine passports or other standardized COVID‑19 vaccination credentials to certify a U.S. citizen’s vaccination status to third parties, and from publishing or sharing such vaccination records or similar health information. It separately prohibits conditioning access to Federal property, Federal services, or congressional grounds on proof of COVID‑19 vaccination.
Who It Affects
Executive agencies and other bodies that qualify as 'agencies' under 5 U.S.C. §551, agency personnel who manage access to federal facilities and services, and U.S. citizens whose COVID‑19 vaccination information would otherwise be issued or shared by those agencies. The text does not extend to state or private actors.
Why It Matters
The bill narrows federal administrative tools for credentialing and data sharing related to COVID‑19 vaccination, forcing agencies to change or abandon any credential systems and to rework policies for access control at federal sites. It also raises immediate operational and legal questions about permitted internal uses of vaccination data, data disclosures to public‑health partners, and how agencies will handle non‑citizen records.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The core prohibition in Section 2(a) is straightforward on its face: an agency may not issue a vaccine passport, vaccine pass, or other standardized documentation to certify a citizen’s COVID‑19 vaccination status to a third party. The language extends beyond a narrow “passport” label to cover “other standardized documentation,” and it expressly bars publishing or sharing any COVID‑19 vaccination record of a U.S. citizen or similar health information.
That dual formulation — ban on issuing credentials plus ban on publishing/sharing records — targets both the creation of a credential and downstream disclosure of vaccination data.
Section 2(b) anchors the restriction to the Administrative Procedure Act definition of “agency” by reference to 5 U.S.C. §551, which imports the usual federal definition used across statutes. Practically, that confines the prohibition to federal agencies and officials who fall within that definition; the bill does not attempt to regulate private entities, state or local governments, or foreign authorities.Section 3 adds an access control rule: proof of COVID‑19 vaccination cannot be treated as a requirement for access to Federal property or Federal services, nor for access to congressional grounds or services.
That means agencies may not condition entry to federal buildings, parks, or services on presentation of vaccination proof. The text does not specify enforcement tools, penalties, or exceptions, nor does it elaborate on how agencies should handle internal verification processes that do not involve issuing a credential to a third party.Taken together, the statute removes a specific federal administrative option (standardized vaccination credentials and certain disclosures) and establishes a categorical rule about access requirements at federal sites.
The bill is narrowly framed to COVID‑19 vaccination and to U.S. citizens in the disclosure prohibition, leaving several practical boundaries—internal use, treatment of non‑citizen records, interaction with state and private credentialing systems—unresolved on the face of the text.
The Five Things You Need to Know
Section 2(a) prohibits agencies from issuing any 'vaccine passport, vaccine pass, or other standardized documentation' that certifies a U.S. citizen’s COVID‑19 vaccination status to a third party.
Section 2(a) separately bans agencies from publishing or sharing any COVID‑19 vaccination record of a U.S. citizen, or similar health information.
Section 2(b) makes the prohibition applicable to entities that meet the definition of 'agency' in 5 U.S.C. §551 (the standard federal agency definition).
Section 3 forbids using proof of COVID‑19 vaccination as a requirement for access to Federal property, Federal services, or congressional grounds and services.
The bill addresses only COVID‑19 vaccination and U.S. citizens in its disclosure ban; it does not include enforcement mechanisms, penalties, or express exceptions for public‑health data sharing.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Gives the bill its working name, the 'No Vaccine Passports Act.' This is purely nominal but signals the statute’s focus on prohibiting federal vaccine credentialing.
Ban on issuing credentials and sharing vaccination records
Imposes two linked prohibitions: don’t issue standardized credentials certifying a citizen’s COVID‑19 vaccination status to a third party, and don’t publish or share any COVID‑19 vaccination record of a U.S. citizen or similar health information. Practically, agencies must stop creating centralized credential systems or digital passes intended for cross‑entity verification, and they must review data‑sharing practices that would distribute citizen vaccination records outside the agency.
Scope: 'agency' defined by 5 U.S.C. §551
Limits the statute’s reach by referencing the Administrative Procedure Act definition of 'agency.' This ties the prohibition to the usual federal administrative universe and excludes entities that are not agencies under federal law, such as most private firms and many state or local bodies, unless otherwise covered by federal agency rules.
Prohibition on conditioning federal access on vaccination proof
Creates an across‑the‑board rule that proof of COVID‑19 vaccination cannot be deemed necessary for entering federal property or receiving federal services, and likewise cannot be required for access to congressional grounds or services. Agencies will need to adjust access control policies, but the provision contains no guidance on alternative risk mitigations or how to reconcile security protocols with the new bar.
This bill is one of many.
Codify tracks hundreds of bills on Government across all five countries.
Explore Government in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- U.S. citizens who oppose mandatory federal vaccine credentials — they gain statutory protection against federal agencies issuing credentials or sharing their COVID‑19 vaccination records with third parties.
- Visitors and users of federal facilities and services — they cannot be required to present COVID‑19 vaccination proof to obtain access to Federal property or services, reducing access hurdles at courthouses, national parks, and federal offices.
- Privacy and civil liberties groups focused on federal data sharing — they retain a statutory limitation on federal agencies’ ability to create standardized vaccination credentials and to disclose citizen vaccination records to third parties.
Who Bears the Cost
- Federal public‑health and operational agencies (e.g., HHS, CDC, GSA) — they lose a credentialing tool that could be used for interagency or public‑private verification and must revise systems and SOPs for access and data sharing.
- Agency security and access managers — they must redesign entry and service protocols at federal sites where vaccination proof was considered, potentially increasing reliance on other mitigation measures or operational workarounds.
- Public‑health data systems and partners that rely on interagency sharing — the ban on publishing or sharing citizen vaccination records may complicate federal data exchanges with state health departments or contractors unless narrow exceptions or workarounds are developed.
Key Issues
The Core Tension
The bill forces a trade‑off between preventing federal creation and dissemination of vaccination credentials (protecting privacy and access) and preserving federal public‑health and operational tools that use vaccination data to manage risk and coordinate responses; resolving that trade‑off requires choices about how much operational friction and legal ambiguity to accept in pursuit of a categorical prohibition.
The bill’s brevity leaves multiple operational and legal questions unanswered. It bars agencies from issuing standardized credentials 'for the purpose of certifying' vaccination status to third parties and from publishing or sharing vaccination records for citizens, but it does not define key terms such as 'standardized documentation,' 'issue,' or 'third party.' That ambiguity will drive implementation disputes: must agencies dismantle technical systems that could be repurposed as credentials, or may they maintain internal records and verification processes that never produce an external credential?
Agencies will need legal interpretation to avoid over‑ or under‑compliance.
Another practical tension arises from the statute’s citizenship limitation and its narrow subject matter. The disclosure ban applies to 'citizens of the United States,' leaving open whether records for lawful permanent residents, foreign nationals, visa holders, or non‑citizen visitors are treated the same.
The law also targets COVID‑19 vaccination only; it does not address broader immunization records or other medical credentials. Finally, the bill contains no enforcement clause or penalties and is silent about exceptions for public‑health emergencies or disclosures mandated by other federal statutes, which creates uncertainty for agencies that rely on intergovernmental data sharing during outbreaks.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.