the emergency contact sends their public key to the owner of the vault
the owner encrypts the key for the vault using said public key and stores the result on bitwarden’s servers
the emergency contact can now request the decryption key from bitwarden, which they will receive either if the vault owner manually approves the request or if the request is not rejected within a certain amount of time
the emergency contact can then decrypt the stored vault key using their private key, and use that to access the vault
my understanding is:
source