(Deutsche Fassung siehe weiter unten)

New product and provider type versions for TI-M ePA and TI-M Pro now eligible for approval

We are pleased to inform you that approvals are now possible for the following product type versions, and the corresponding approval applications can now be submitted:

• gemProdT_TI-M_Client_ePA_PTV_1.1.2-1_V1.0.0
• gemProdT_TI-M_FD_ePA_PTV_1.1.2-0_V1.0.0
• gemProdT_TI-M_Client_Pro_PTV_1.0.2-0_V1.0.0
• gemProdT_TI-M_FD_Pro_PTV_1.0.2-1_V1.0.0

The previously approvable product type versions remain valid for productive operation; however, no new approvals can be granted for them.

Furthermore, the following provider type versions are now also eligible for approval:

• gemAnbT_TI-M_ePA_ATV_1.0.3_V1.0.0
• gemAnbT_TI-M_Pro_ATV_1.1.7_V1.0.0

Please note: a new requirement has been introduced mandating implementation of the TI Security Standard, which must be demonstrated as part of the process audit for security-related suitability.

The provider type version gemAnbT_TI-M_ePA_ATV_1.0.2_V1.0.0 remains valid for productive operation; however, no new approvals can be granted for it.

The provider type version gemAnbT_TI-M_Pro_ATV_1.1.6_V1.0.0 remains eligible for approval for resellers (provider constellations 2 and 3).

----------------------------------------------------------------

Neue Produkt- und Anbietertypversionen für TI-M ePA and TI-M Pro zulassungsfähig

Wir freuen uns Ihnen mitzuteilen, dass für die folgenden Produkttypversionen ab sofort Zulassungen möglich sind und die entsprechenden Zulassungsanträge dazu gestellt werden können:

• gemProdT_TI-M_Client_ePA_PTV_1.1.2-1_V1.0.0
• gemProdT_TI-M_FD_ePA_PTV_1.1.2-0_V1.0.0
• gemProdT_TI-M_Client_Pro_PTV_1.0.2-0_V1.0.0
• gemProdT_TI-M_FD_Pro_PTV_1.0.2-1_V1.0.0

Die bisher zulassungsfähigen Produkttypversionen behalten ihre Gültigkeit für den Produktivbetrieb, es sind allerdings keine neuen Zulassungen mehr möglich.

Weiterhin sind folgende Anbietertypversionen nun ebenfalls zulassungsfähig:

• gemAnbT_TI-M_ePA_ATV_1.0.3_V1.0.0
• gemAnbT_TI-M_Pro_ATV_1.1.7_V1.0.0

Hinweis: neu hinzugekommen ist die Verpflichtung zur Umsetzung des TI Security Standards, die im Rahmen der Prozessprüfung zur sicherheitstechnischen Eignung nachgewiesen werden muss.

Die Anbietertypversion gemAnbT_TI-M_ePA_ATV_1.0.2_V1.0.0 behält ihre Gültigkeit für den Produktivbetrieb, es sind allerdings keine neuen Zulassungen mehr möglich.

Die Anbietertypversion gemAnbT_TI-M_Pro_ATV_1.1.6_V1.0.0 bleibt weiterhin für Reseller (Anbieterkonstellation 2 und 3) zulassungsfähig.

Today, we released the full version 3 of the test suite.

The test suite now includes the new Testset V3 and additionally a new test suite/set documentation structure, and it now uses Java 21. For full details of all changes, please refer to our ReleaseNotes.md.

As an additional reminder: Since last year, we also provide a certificate revocation list for our test driver certificates. No certificates were compromised; we provide the list as a precaution. You will still find some revoked certificates in the list—those were revoked due to administrative reasons (e.g., a domain change or similar). We still highly recommend that you configure the revocation list in your infrastructure so that, in case we ever need to revoke a certificate for more serious reasons, you are already familiar with the configuration.

If you encounter any issues with the test suite, please raise an issue on GitHub to inform us.

Resources:

Test suite repository: https://github.com/gematik/TI-Messenger-Testsuite

Full release notes: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/ReleaseNotes.md

Test driver API: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/src/main/resources/api/TiMessengerTestTreiber.yaml

Today, a patch for the test suite has been released. This patch delivers dependency updates, security improvements, and test enhancements. It updates the existing V2 example Serenity report, extends the glue code to support changing room properties for V3 tests, and adds a V2 test for requesting the Synapse version without validation.

This release also remediates some dependency vulnerabilities through library updates and exclusions. Please note that this will be the last release including a Serenity example report for V2. The next release will include a report for V3 instead.

V3 tests and documentation are not yet part of this release and will follow once internal testing has been completed.

If you experience any issues with the test suite, please create an issue on GitHub to let us know.

Resources:

Test suite repository: https://github.com/gematik/TI-Messenger-Testsuite

Full release notes: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/ReleaseNotes.md

Test driver API: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/src/main/resources/api/TiMessengerTestTreiber.yaml

New metrics in the TI-Dashboard: Live data on TI-Messenger now available

The TI-Dashboard now provides current figures on TI-Messenger usage. TI-Messenger is one of the youngest TI applications, developed for ad hoc communication within healthcare organizations or between staff of different organizations. Usage is voluntary.

Daily Updated Metrics

The dashboard shows:

• How many healthcare professionals from organizations and institutions communicate via TI-Messenger
• How many citizens are registered for TI-Messenger
• How many messages have been sent

Figures are updated daily (mornings).

Current Implementation

TI-Messenger is integrated into health insurers' ePA apps. Citizens can use it to communicate with healthcare organizations that also use TI-Messenger. Several health insurers are already using TI-Messenger solutions for secure and fast communication with their members, as are healthcare organizations and professionals for communication among themselves.

TI-Dashboard: https://www.gematik.de/telematikinfrastruktur/ti-dashboard

We're rolling out two targeted hotfixes today that enhance the security framework of our TI-Messenger products. These updates address room encryption and access control, ensuring better protection for your communication spaces.

What's New

TI-Messenger ePA: Encrypted Rooms by Default

We've implemented requirement A_26015-02, which prevents the creation of unencrypted rooms in TI-Messenger ePA.

What this means for you:
The client will no longer allow users to configure rooms with the following settings:

• Join Rules set to "public" or "knock"
• History Visibility set to "world_readable"
• Room Directory Visibility set to "public"
• Encryption disabled

This ensures that all communication remains encrypted and access-controlled from the start. Your existing private rooms continue to work exactly as before.

TI-Messenger Pro: Protecting Legacy Public Rooms

With requirement A_28755, we're adding an additional safety layer for any historical public rooms that might exist.

How it works:
If a room has the "public" join rule without federation being explicitly disabled (m.federate=false), the TI-M Federation Service now restricts room access to users whose accounts are on the same homeserver where the room was originally created.

This prevents unauthorized external access while maintaining functionality for legitimate users on the same server.

Version Status

Both hotfixes are being released with "valid" status and replace their respective predecessor versions, which are now marked as "deprecated".

Link:

https://gemspec.gematik.de/releases/TI-Messenger_26_1/

Element's multi-tenancy implementation of Synapse Pro has completed a gematik-commissioned penetration test with a "Good" rating. While formal gematik approval for production use is still required, the successful security validation shows no identifiable barriers to deploying this multi-tenancy feature in TI-M Pro environments.

What is Multi-Tenancy?

Multi-tenancy allows hosting providers to run a single server infrastructure that securely serves multiple independent organizations. Each organization's data remains strictly isolated while infrastructure costs are shared across tenants.

Potential Impact on Healthcare Delivery

This validated solution opens up new possibilities for the TI-M Pro ecosystem:

• Family practices, local clinics, and pharmacies could gain access to TI-M Pro compliant infrastructure at more affordable price points
• Hosting providers can develop service offerings targeted at smaller organizations that couldn't justify dedicated server costs
• Healthcare providers could benefit from professionally managed infrastructure without requiring their own IT investments

The security validation enables hosters to build future service offerings that may make TI-M Pro accessible across organizations of all sizes, supporting broader adoption in the healthcare sector.

Interested in using this solution in your Fachdienst? Please contact us to discuss the approval pathway and next steps.

A new major version of the test suite has been released. This update includes the API changes for the new V3 version, as well as glue code to prepare for the upcoming V3 tests. The tests themselves are not yet included in this release and will be published at a later date. For full details of all changes, please refer to our ReleaseNotes.md.

If you encounter any issues with the test suite, please open an issue on GitHub to let us know.

Resources:

• Test suite repository: https://github.com/gematik/TI-Messenger-Testsuite
• Full release notes: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/ReleaseNotes.md
• Test driver API: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/src/main/resources/api/TiMessengerTestTreiber.yaml

The TI Messenger Pro Headless Client is introduced as a standalone, invisible component designed for integration into primary systems such as Practice Management Systems (PVS), Hospital Information Systems (KIS), or contact center platforms. This document outlines its technical orientation, security requirements, as well as the test and operational model. No new functionality is introduced for end users; rather, the existing TI Messenger Pro functionality is delivered via an alternative technical approach..

The feature document for this draft release can be accessed via the following link:

Draft gemF TI-M Headless Client Feature Document.

Feedback is encouraged and can be provided directly within the document by commenting on chapter headings or AFOs (Architectural and Functional Objectives). Each comment will automatically generate a GitHub issue.

For an overview of existing feedback and comments, please visit the GitHub repository:

Draft gemF TI-M Headless Client Issues.

We look forward to your contributions to this collaborative review process.

We are pleased to announce the release of TI-Messenger_25_3, the latest update to the TI-Messenger specifications. This release represents a significant step in advancing digital communication within the German healthcare system and provides the foundation for industry partners to develop innovative products for the telematics infrastructure (TI).

Key Updates in TI-Messenger_25_3

The new release introduces several important enhancements to the specifications, supporting the development of interoperable, secure, and efficient products:

1. Launch of Deletion Concept v2
   The updated deletion concept improves clarity and efficiency in managing data lifecycles. This update ensures compliance with regulatory requirements and simplifies implementation for industry partners.

2. Introduction of Provider Type Specification Sheet: TI-Messenger Pro
   A new and uniquely identifiable Provider Type Specification Sheet for TI-Messenger Pro has been introduced. This specification sheet outlines the normative requirements for providers of TI-Messenger services, ensuring secure, functional, and interoperable operation of service units and products.

3. Refinements Based on External Feedback
   We have incorporated valuable feedback from external stakeholders into the specifications. These smaller adjustments reflect our commitment to continuous improvement and collaboration with the industry.

Validity and Certification Pathway

The new specifications have been published with the status ‘valid’, while existing specification sheets will remain in the status ‘certifiable’. This ensures a smooth transition for industry partners while maintaining continuity for current services.

To facilitate approvals under the new release, we are actively working on updating the test system, which is scheduled for deployment in March 2026. Once the updated test system is available, the new specifications will become the standard for product approvals.

Importantly, existing products based on previous specifications will remain fully operational. The old product specifications will retain their ‘valid’ status, meaning that products already deployed can continue to function seamlessly. Additionally, industry partners can still request follow-up client approvals for services based on specification sheets with the ‘valid’ status.

The gematik specialist portal (Fachportal) has just published the new KIB concept for TI-Messenger Pro, titled "gemKPT_Inbetriebnahme_TI-Messenger_Pro" (Version 1.0.0). This updated concept aims to simplify the organisational aspects of the KIB (Commissioning and Initial Operation) process for TI-Messenger Pro, enabling quicker and more efficient implementation. The adjustments follow a thorough analysis of previous KIB processes and incorporate valuable feedback from approval holders. With these changes, the quality of the approval process will be maintained while making its execution more straightforward and effective.

https://fachportal.gematik.de/fileadmin/user_upload/gemKPT_Inbetriebnahme_TI-Messenger_Pro_V1.0.0.pdf

At the same time, the previous KIB concept for TI-Messenger 1.1 and TI-Messenger Pro ("gemKPT_Inbetriebnahme_TI-Messenger") has been updated to Version 1.2.1. This version will now only apply to the KIB process for TI-Messenger 1.1 and will no longer be valid for TI-Messenger Pro.

https://fachportal.gematik.de/fileadmin/user_upload/gemKPT_Inbetriebnahme_TI-Messenger_V1.2.1.pdf

Key Updates in the New KIB Concept for TI-Messenger Pro

The new KIB concept introduces several significant improvements designed to streamline the process for TI-Messenger Pro. These include:

• Consolidated Process: The KIB for service provider institutions (LEI) will now take place in a single phase, replacing the previous three-stage process.
• Simplified Requirements:
  • A reduced number of participants (LEI users) is now required.
  • Fewer documents are necessary, as interim reports have been eliminated.
  • Fewer TI-ITSM changes need to be processed, as the staged approach has been removed.
• Simplified Follow-up Approvals: A clear definition has been introduced outlining the conditions for conducting streamlined KIB processes for follow-up approvals. These will also require:
  • Fewer participants (LEI users).
  • Fewer use cases to be addressed.

These changes represent a significant step forward in simplifying and optimising the KIB process for TI-Messenger Pro, ensuring both efficiency and quality in implementation.

The TI-Messenger program has taken an important step forward with a newly structured roadmap for the Pro 1.1 and Pro 1.2 releases. The decision to redesign and reschedule these releases reflects both the technical maturity of the project and a clear focus on reducing integration risks while delivering value to users earlier and more reliably.

Why the Roadmap Was Restructured

The initial scope of TI-Messenger Pro 1.1 proved to be highly complex during detailed specification. Several components were strongly interlinked, increasing implementation risks and dependencies.
To address this, the original release was decomposed into two consecutive versions — Pro 1.1 and Pro 1.2.

This modular restructuring serves three main goals:

• Risk reduction in integration and testing,

• Early delivery of usable, high-value functions,

• Independence from uncertain external release schedules.

By separating the releases, the TI-Messenger team ensures stable progress and avoids technical bottlenecks, all while keeping the long-term roadmap intact.

What Each Release Delivers

TI-Messenger Pro 1.1

Pro 1.1 focuses on integration, data consistency, and interoperability.
Key components include:

• Integration of Headless and Embedded Clients,

• Provision of structured data and consent management,

• Implementation of Matrix updates 1.15 / 1.16.

Together, these enable seamless embedding into primary systems and specialist applications.
Healthcare providers benefit from fewer media disruptions, reduced manual transitions, and more stable communication processes — all of which support scalability without additional staffing effort.

TI-Messenger Pro 1.2

Pro 1.2 is centered on secure identities, automation, and efficiency.
It introduces:

• Strengthened secure profiles and identity management,

• A standardized bot operating environment,

• Refactoring of power levels to streamline system governance.

These improvements accelerate information flow across care pathways, reduce waiting and idle times, and help relieve clinical and administrative workloads.

Roadmap Timeline

The TI-Messenger roadmap defines a structured sequence for concept development, specification, and release activities across the Pro 1.1 and 1.2 versions.
The concept phase for TI-Messenger Pro 1.1 is already underway and will be followed by specification work starting at the end of February 2026. The release is planned for the end of May 2026, with test readiness expected in the fourth quarter of 2026.
The concept phase for Pro 1.2 is scheduled to start at the end of May 2026, with subsequent specification work extending into early 2027. Test readiness for Pro 1.2 is planned for the third quarter of 2027.

Backlog Items and External Dependencies

Two important functionalities remain on hold due to external dependencies:

• Voice and Video Communication:
  Implementation depends on the completion and approval of the MatrixRTC MSC 4143 specification.
  Since the Matrix Foundation has not yet set a final timeline, this feature has been deferred.
  Current expectations point to a MatrixRTC release in 2026, after which TI-Messenger can integrate federated voice and video calls.

• Multi-Tenant Capability:
  This functionality has also been moved to the backlog, as compliant, multi-tenant market solutions already exist.
  A regulatory assessment is ongoing to determine whether a separate TI-Messenger-specific implementation is required or if existing industry solutions suffice.

A More Sustainable Roadmap

The refined roadmap reflects a pragmatic approach: modular releases, reduced complexity, and coordinated alignment with the broader digital health ecosystem.
By structuring development into manageable, independent phases, the TI-Messenger initiative maintains its momentum while ensuring stability, interoperability, and measurable value for the healthcare sector.

Today, we have released a patch for the test suite.

This update includes several fixes for creating and updating HealthcareServices, where a more lenient comparison is now applied.

Additionally, we now provide a certificate revocation list (CRL) as a precautionary measure in case we ever need to revoke a compromised certificate. To clarify, no certificates have been compromised. However, you will find some revoked certificates in the list, which were deactivated for administrative reasons (e.g., a domain change or similar). We strongly recommend configuring the CRL in your infrastructure so that, in the event of a more critical revocation in the future, you are already familiar with its setup and usage.

We have also published an example Serenity report. This report serves as a reference to assist with test driver implementation. While we will make an effort to keep it up-to-date, please note that the reference system follows agile development practices. As a result, the tests and responses in the report may not always be complete or reflect the latest changes in the test suite.

For a detailed overview of all changes, please refer to our ReleaseNotes.md.

If you encounter any issues with the test suite or have questions about the changes mentioned, please don’t hesitate to raise an issue on GitHub to let us know.

Resources:

Test suite repository: https://github.com/gematik/TI-Messenger-Testsuite

Full release notes: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/ReleaseNotes.md

Test driver API: https://github.com/gematik/TI-Messenger-Testsuite/blob/main/src/main/resources/api/TiMessengerTestTreiber.yaml

Since November 2024 TI-M is based on Matrix v1.11. Since then, four subsequent versions of the protocol have been released including fixes and new features. In order to make these improvements accessible in TI-M we're planning to rebase our specification on Matrix v1.15.

The necessary changes have already been published in https://github.com/gematik/api-ti-messenger/pull/327. The most notable difference is the mandatory switch to the new OAuth 2.0 APIs which will require deploying matrix-authentication-service (or a suitable replacement). If you have any feedback on these planned changes, you're welcome to leave comments and engage with us on GitHub.

A field issue has been identified that affects the intended permissions model for chat initiation in TI-M ePA. To address this, a mandatory update will be released tomorrow.

The intended system design specifies that healthcare institutions (LEIs) should only be discoverable in the directory (VZD) if they have explicitly configured their visibility for insured persons. At present, LEIs are being found in the VZD and are therefore reachable—and can be invited to chats—by insured persons, even if this was not intended.

Unintended visibility currently allows the Matrix address of LEIs to become known, enabling chat invitations that should not be possible without explicit consent. Such behavior deviates from the intended permissions model..

We will address this issue promptly by implementing the necessary technical adjustments. Moving forward, LEIs will only be visible by insured persons if they have actively set their visibility accordingly.

Solution Approach:
As part of the fix, we will adopt the use case from TI-M Pro into TI-M 1.1.2 as a hotfix:
AF_10377 – Organization – Set FHIR-VZD Visibility for Insured Persons

In addition, we will centrally correct the affected entries in the VZD so that they are no longer visible to insured persons, thereby preventing unwanted chat invitations.

By controlling visibility in the VZD, we prevent the Matrix address from being exposed, thereby stopping unwanted chat invitations from insured persons.

We appreciate your feedback and will continue to monitor and optimize the system as required during this rollout phase.

As part of our product development, we would like to start a public discussion on the TI-Messenger Connect.

Our hypothesis: There is a growing need for 1:1 communication between service providers and patients in the healthcare system. Especially in primary care. As things stand today, patients need to be identified at a high level of trust for the health ID before any communication via the TI Messenger.

The TI-Messenger Connect outlines a target image for simplified access to enable 1:1 communication between insured persons and service providers. The TI-Messenger Connect is intended to enable context-related and low-threshold 1:1 communication (“care context”). TI-M Connect therefore starts where patients are already (digitally) located: In doctors' surgeries, hospitals, pharmacies and telemedical contexts.

• Service providers will be able to provide their patients with their own TI messenger - integrated into a patient portal, a pharmacy app or an appointment booking platform, for example (design goal 1 - TI-M address for all).
• For insured persons, communication via connection requests will be much easier to access because service providers will open a bidirectional chat room with their patients directly on site - from within the care context (design goal 2 - simple onboarding).

Our long-term goal: TI-M shall be used in telemedicine in the future.

To discuss TI-M Connect with us, please comment via Github Discussions: 

https://github.com/gematik/api-ti-messenger/discussions/316