Simple, easy implementation
No dedicated app is needed: the token can be stored in and accessed from Wallet on iOS/Android, and the ‘passport reader’ can then confirm compliance by contacting a dedicated server which stores the info.
The reader would take a QR Code from a phone. It would then authenticate itself to the dedicated server, which returns a passport-style photo of the individual (with a watermark and small, random sections removed) and a notice showing the person has been independently verified as compliant. No name, no date of birth, no medical information is needed.
If someone can’t be vaccinated for legitimate medical reasons, they would still show as compliant to avoid any form of discrimination. Anyone who isn’t compliant simply doesn’t show up.
It would be doctors who create the passport record and store a copy of the UUID in the patient medical record each year, which is an independent, confidential system. The creation could be done by a webcam connected to a PC which authenticates to a web portal using a TPM-backed SSL client machine certificate plus credentials for each doctor (could be hooked into NHS Azure AD for simple, easy SSO).
As this is just for COVID and we are talking about a disease which will be as seasonal as flu, old data could be purged from the system every year, and only minimal amounts of data would be stored in the first place (a UUID, a photo and a date).
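The lookup flow and yearly purge described above, sketched as an added example (not code from the original post). The shared reader key, the 365-day retention window and all class and method names are assumptions; watermarking and removal of random photo sections are left out.

```python
import secrets
import uuid
from dataclasses import dataclass
from datetime import date, timedelta

RETENTION = timedelta(days=365)  # assumption: "every year" taken as 365 days


@dataclass(frozen=True)
class PassportRecord:
    # The only three fields the design stores: no name, DOB or medical data.
    token: uuid.UUID
    photo: bytes
    issued: date


class PassportStore:
    def __init__(self, reader_keys):
        self._reader_keys = set(reader_keys)  # assumed: one shared key per reader
        self._records = {}

    def issue(self, photo: bytes, today: date) -> uuid.UUID:
        """Called from the doctor's portal; the UUID goes into the QR code."""
        token = uuid.uuid4()  # random, carries no information about the holder
        self._records[token] = PassportRecord(token, photo, today)
        return token

    def verify(self, reader_key: str, qr_payload: str, today: date):
        """Return the photo for a compliant holder, else None."""
        if not any(secrets.compare_digest(reader_key, k) for k in self._reader_keys):
            raise PermissionError("reader not authenticated")
        try:
            token = uuid.UUID(qr_payload)
        except ValueError:
            return None  # a malformed QR looks the same as "doesn't show up"
        rec = self._records.get(token)
        if rec is None or today - rec.issued > RETENTION:
            return None
        return rec.photo

    def purge(self, today: date) -> int:
        """Yearly clean-up: drop every record past the retention window."""
        stale = [t for t, r in self._records.items() if today - r.issued > RETENTION]
        for t in stale:
            del self._records[t]
        return len(stale)
```

Unknown, malformed and expired tokens all produce the same empty answer, so a reader learns nothing about why someone does not show up.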
This means in the event of a compromise, people get photos of faces and that is it. People running the checks see your face (which is in front of them anyway) which gives away nothing more than you did by attempting to enter an establishment to begin with. Your privacy is preserved and if you don’t trust the government then this could be delegated to an independent organisation to ensure data segregation.
Does this really need £30m? Paris says even Dropbox could get this right!