On this page
concept

Digital Product Passport

Created 2026-06-29 29 connections

Digital Product Passport

A Digital Product Passport (DPP) is a structured digital record linked to a physical product via a unique data carrier (QR code, NFC tag, or RFID chip). When scanned, the carrier retrieves the product's passport data from a connected digital system, giving consumers, repairers, recyclers, and regulators access to information about a product's materials, origin, environmental footprint, and end-of-life instructions. The EU is mandating DPPs under the Ecodesign Regulation (ESPR) as a central mechanism for making product supply chains transparent and for enforcing circularity objectives.

Firewall: every claim is what a source reports. See ../../CONTEXT.md Rule 1.


The governing regulation is Ecodesign Regulation (ESPR) (Regulation (EU) 2024/1781), which entered into force on 18 July 2024 and replaced the energy-only Ecodesign Directive 2009/125/EC. (Inriver, 2026-05; TÜV SÜD webinar, 2025-08-26)

The ESPR is a framework regulation: it mandates DPPs in principle but delegates the specific data requirements, formats, and timelines to per-product-group delegated acts that are still being developed. (Reach Law Talks, 2024-04-26; Compliance and Risks webinar, 2025-08-26) The governing plan for which product groups are tackled and in what order is the ESPR Working Plan 2025–2030, adopted 16 April 2025. (PassportCraft, reviewed 2026-06-16)

Who must comply: The compliance obligation sits with the "economic operator" placing the product on the EU market — typically the manufacturer or importer — regardless of where the company is headquartered. For non-EU online sellers, the manufacturer or importer targeting EU customers is responsible. (Supercode, 2026-03-19; TÜV SÜD, 2025-08-26; Compliance and Risks, 2025-08-26) A 2021 Omnibus simplification package streamlined CSRD and CSDDD obligations but left ESPR/DPP unchanged. (PassportCraft, reviewed 2026-06-16)

Scope: In principle, all physical products placed on the EU market fall under ESPR unless explicitly excluded (food, pharmaceuticals, living organisms are out). (Inriver, 2026-05; Reach Law Talks, 2024-04-26)

Beyond ESPR: Four other EU regulations also mandate DPPs independently:

  • Battery Regulation (EU 2023/1542) — EV + LMT batteries + industrial batteries >2 kWh (mandatory from 18 Feb 2027)
  • Construction Products Regulation (EU) 2024/3110 — most provisions January 2026
  • Critical Raw Materials Act (EU) 2024/1252 — products with permanent magnets, from May 2027
  • Toy Safety Regulation (EU) 2025/2509 — August 2030

(PassportCraft, reviewed 2026-06-16)


How it works mechanically

Data carrier

The physical product (or its packaging) carries a data carrier — most likely a dynamic QR code, but NFC or RFID are also options under ESPR Article 10. The carrier links to a unique persistent identifier (UID) that resolves to the product's passport data. (Supercode, 2026-03-19; Euverify, 2026-03-12; TÜV SÜD, 2025-08-26)

GS1 Digital Link is the globally standardised URL-based QR format that embeds a product's GTIN [1] and is explicitly recommended by GS1 Europe for DPP compliance; it is already recognised by all major EU retail scanning infrastructure. (Supercode, 2026-03-19) Reddit practitioners note that GS1 Digital Link looks like the frontrunner but is not mandated, and that GS1 membership and GTIN registration costs create an additional barrier for small brands. (r/sustainability, 2025-01)

Dynamic vs static QR: Dynamic QR codes (where the destination URL can be updated without reprinting labels) are strongly recommended because regulatory data requirements will evolve across the multi-year delegated-act rollout. (Supercode, 2026-03-19)

Data storage architecture

The DPP system is designed as decentralised: each economic operator manages their own passport data (or delegates to a certified third-party DPP service provider). There is no single central EU database holding passport content. However, the EU Commission is building a central identifier registry (expected July 2026) and a public web portal to connect all DPPs by unique identifier. (Euverify, 2026-03-12; TÜV SÜD, 2025-08-26; Compliance and Risks, 2025-08-26)

"EU Central Registry" framing: PassportCraft (reviewed 2026-06-16) describes a "EU Central DPP Registry" going live 19 July 2026 for all products to be registered in. Euverify (2026-03-12) and TÜV SÜD (2025-08-26) both emphasise the system is decentralised with a central registry for unique identifiers only — not a full data repository. These are compatible (the registry stores UIDs, not passport content) but the distinction is architecturally significant. The decentralised reading is better supported by the primary text (ESPR Art. 10–12) as described by these sources.

Data must be structured in open, machine-readable formats (XML, JSON) to ensure interoperability and prevent vendor lock-in. (Supercode, 2026-03-19) CEN/CENELEC have been mandated to develop 8 harmonised DPP standards covering unique identifiers, data carriers, access rights, interoperability, data processing, storage, authentication, and APIs. These missed their informal mid-2025 and formal March 2026 deadlines and were still in draft (prEN/FprEN) stage as of mid-2026. (PassportCraft, reviewed 2026-06-16; Compliance and Risks, 2025-08-26)

A new role — "certified independent third-party DPP service provider" — stores a backup copy of each DPP, important if an economic operator goes out of business. (Reach Law Talks, 2024-04-26)

Three-tier access model

TierWhoWhat they see
Consumer / publicAnyone scanning the QRSustainability attributes (durability, recyclability, materials, care)
Business / repair / recyclingAuthorised repairers, recyclersDesign, material, dismantling information, spare parts
Regulatory authorityCustoms, Commission, notified bodiesFull compliance data, test reports, substances of concern

Some data may be restricted as trade secrets. (TÜV SÜD, 2025-08-26; Sigma Technology, 2025-05-09; Supercode, 2026-03-19)

Reddit practitioners note that the access tiering is "technically complex" and "most DPP vendors haven't solved this properly yet" (as-of 2025-05). (r/sustainability, 2025-01)

Item-level vs product-level

The granularity of DPP data — whether each physical item gets its own passport (item-level) or all units of a SKU share one passport (product-model-level) — is still to be determined per product group via delegated acts. Batch-level is a middle option. Item-level tracking is needed for circular-economy use cases (secondhand, repair history, end-of-life routing) but is harder to implement. (Reach Law Talks, 2024-04-26; r/circulareconomy, 2025-03)


Data requirements

Core data categories expected across product groups (indicative — exact fields per category are set by delegated acts not yet adopted for most groups as-of 2026-06-29):

  • Product identification: name, model, batch, manufacturing date, warranty
  • Material and component data: raw material origins, responsible sourcing, supplier details
  • Sustainability data: carbon footprint, energy use, emissions
  • Repair details: repairability score, replacement components, service events
  • Substances of concern (under ESPR this is broader than REACH SVHC — covers any substance that negatively affects recycling or reuse; a larger set than currently reportable under REACH)
  • Unique identifiers for product / operator / manufacturing facility
  • Certification information; DPP service provider details

(Inriver, 2026-05; TÜV SÜD, 2025-08-26; Compliance and Risks, 2025-08-26; Supercode, 2026-03-19)

Textile/apparel data (Phase 1 indicative, as-of 2026-06-29): fibre composition, country of manufacture, chemical compliance, certifications. Phase 2 (indicative): carbon footprint, water consumption. These are based on the JRC November 2024 study and Working Plan priorities — not yet confirmed in a delegated act. (PassportCraft, reviewed 2026-06-16; Compliance and Risks, 2025-08-26)

Battery passport data (mandatory from 18 Feb 2027): minimum recycled content targets (e.g. 6% recovered lithium/nickel by 2030), carbon footprint per kWh by model and manufacturing plant, real-time battery management system data (state of health, charging cycles), due diligence on cobalt/lithium/nickel with full chain of custody to mine level. (Tilco Advisers, 2026-01-07; Compliance and Risks, 2025-08-26; Supercode, 2026-03-19)


Timeline (as-of 2026-06-29)

DateEventStatus
18 Jul 2024ESPR in forceDone
16 Apr 2025ESPR Working Plan 2025–2030 adopted (textiles = 2027 priority)Done
19 Jul 2026Unsold goods destruction ban on apparel/footwear (large companies)21 days away
Jul 2026EU Central DPP identifier registry expected liveExpected (volatile)
27 Sep 2026Empowering Consumers Directive (ECGT) bans unsubstantiated eco-claimsImminent
18 Feb 2027Battery DPP mandatory — first legally required DPPConfirmed
May 2027Critical Raw Materials Act products with permanent magnets DPPConfirmed
Q2 2027Textile/apparel delegated act adoption (indicative)Expected (volatile)
Apr 2027CIRPASS-2 pilot project concludes (13 pilots incl. textiles)Expected
2027GS1 Sunrise — barcode-to-QR transition reaches critical massExpected
Apr 2028EU EPR for textiles operational (Extended Producer Responsibility (EPR))Expected
Late 2028/early 2029Textile DPP compliance (~18mo after delegated act adoption)Indicative
Aug 2030Toy Safety Regulation DPP mandatoryConfirmed
2030Advanced textile DPP (EPRS phased recommendation)Indicative
2033Fully circular textile DPP (EPRS phased recommendation)Indicative

(PassportCraft, reviewed 2026-06-16; Compliance and Risks, 2025-08-26; Inriver, 2026-05)

Textile DPP timeline: PassportCraft (reviewed 2026-06-16) describes a single compliance deadline of "late 2028/early 2029" for textiles (~18 months after Q2 2027 delegated act adoption). Inriver (2026-05), citing a European Parliament Research Service study (EPRS_STU(2024)757808), describes a phased rollout — minimal DPP by 2027, advanced DPP by 2030, fully circular DPP by 2033. These are compatible (the EPRS phases the requirements; the 2028/2029 date may refer to Phase 1 compliance only) but the framing differs materially. The EPRS source, being a parliamentary research document, may be more authoritative on the phasing question.

What has already slipped (as-of 2026-06-29): Battery carbon footprint methodology (due 2024) not yet adopted; battery due diligence requirements delayed from August 2025 to August 2027 via Regulation 2025/1561; CEN/CENELEC DPP standards missed both informal mid-2025 and formal March 2026 deadlines. (PassportCraft, reviewed 2026-06-16)

Political risk: Reddit participants note (r/europeanunion, 2024-12) that a DPP software startup founder reported three signed contracts put on hold in Q1 2025 due to customers monitoring political stability following post-2024 EU elections; CSRD rollback is cited as a precedent. A policy analyst countered that DPP is more resilient because it is also framed as EU industrial policy (competitive moat vs Shein/Temu) and can attract cross-party support. The Omnibus package (2025) did NOT change ESPR. (PassportCraft, reviewed 2026-06-16; r/europeanunion, 2024-12)


Fashion and ecommerce implications

What it means for fashion retailers:

  • Apparel, footwear, and clothing accessories are confirmed in-scope under ESPR working plan (textiles/apparel group, adoption target 2027, ~18-month compliance window)
  • The unsold goods destruction ban (large companies, 19 Jul 2026) is the first near-term ESPR obligation — documented in Ecodesign Regulation (ESPR)
  • Footwear is being treated as a separate product group; a sustainability feasibility study is expected by end of 2027 (as-of 2026-06-29)
  • JRC study (Nov 2024) proposed the textile definition should cover any product with ≥80% textile fibres by weight (Compliance and Risks, 2025-08-26)
  • The EU's textile DPP will function like a "nutrition label for clothes" — consumers scan a QR to see water usage, dyes, recyclability, the product's full environmental story (sustainability podcast, 2024-10-16)
  • European Environment Agency estimates 5.8 million tons of textiles discarded annually in the EU (~11 kg/person/year) — cited as the primary policy driver (sustainability podcast, 2024-10-16) (as-of 2024)

The Green Claims trap: Reddit practitioners (r/ecommerce, 2024-10) note that the Green Claims Directive creates a compliance interaction risk: a brand saying "100% sustainable cotton" on its website could have DPP passport data that contradicts the claim, and Green Claims enforcement could use DPP data as evidence against the brand. (r/ecommerce, 2024-10)

Shein/Temu as market access barrier: Reddit practitioners and EU MEPs frame DPP as a de-facto market access barrier for ultra-fast-fashion brands that lack supply chain traceability — the political framing that helps insulate ESPR from rollback. (r/fashion, 2025-04; r/europeanunion, 2024-12)

Marketplace implications: One Reddit commenter (r/ecommerce, 2025-05, 145 upvotes, speculative) suggests that marketplaces like Zalando and ASOS will build DPP data collection into their seller onboarding, effectively becoming compliance infrastructure for smaller sellers — not yet confirmed by practitioners.

UK brands: DPP does not apply for UK domestic market sales. EU sales still require compliance. Some UK brands are proactively preparing on the assumption that the UK will adopt similar standards eventually, and building one system is cheaper than two. (r/fashion, 2025-04)


Implementation challenges

The hard part is upstream data, not the QR code. Material composition must come from suppliers; carbon footprint requires lifecycle assessment methodology or third-party data; chemical substance declarations require verified supplier documentation. (Supercode, 2026-03-19)

Vendor market is immature (as-of 2025-05). Reddit practitioners evaluating DPP software vendors (Fairly Made, Sourcemap, TextileGenesis, Tilkal, Circularise) described the market as "incredibly immature" — vendors are each strong in one area but no complete solution exists; enterprise platforms (SAP, Oracle) were 12–18 months from production-ready. "Wait-and-see is becoming the dominant industry strategy." (r/sustainability, 2025-05) Battery sector practitioners counter that supplier data collection took 3× longer than expected even starting 18 months out. (r/sustainability, 2024-11)

Reported cost benchmarks (as-of 2025-04, volatile): Small sustainable brands report being quoted €15,000–€50,000 annually for DPP software implementation; lighter-touch solutions at €3–8k annually exist but do not help with the data collection problem. (r/sustainability, 2025-04)

Realistic compliance lead time: Industry consensus is 12–18 months from delegated act adoption for a typical manufacturer, covering data collection, platform selection, QR integration, and supplier engagement. (Supercode, 2026-03-19)

PIM as compliance hub: Multiple sources frame PIM (Product Lifecycle Management (PLM)) systems as shifting from marketing tools to essential compliance infrastructure. The core problem is not a lack of data but a lack of "master data" — a single verified, consistent source of truth for every product. Many large companies rely on disconnected ERPs or siloed spreadsheets. (Tilco Advisers, 2026-01-07; Inriver, 2026-05)

Supply chain agility trade-off: Reddit practitioners (r/supplychain, 2025-03, 212 upvotes) note that DPP creates strong incentives to reduce supplier switching, because re-collecting verified data for new suppliers is expensive. This may make supply chains less agile — described as a "genuine unintended consequence nobody has modeled." Large brands are reportedly subsidising Tier 2 supplier monitoring equipment installation — viable only for large brands.

Product data maintenance burden: The DPP is not static — it must be updated when regulations change, when the supply chain changes, or when the product is repaired. Reddit practitioners describe this as "a living document for every SKU, forever — a completely new function that doesn't exist in most retail operations." (r/sustainability, 2025-05)

Tier 2/3 supplier gap: Reddit practitioners (r/supplychain, 2025-03, 287 upvotes post; 198 upvotes top comment) report that Tier 2 and 3 suppliers "have no idea this is coming and many of them will never be able to provide the data you need." The correct model would have data living with the factory, but the infrastructure for supplier-side DPP data does not exist and no EU funding mechanism is in place.

Blockchain skepticism: Reddit practitioners (r/sustainability, 2025-05, 167 upvotes) are skeptical of blockchain-based DPP vendors: "What you need is data integrity, access control, and auditability. You can get all of that with a conventional database and proper governance."

QR durability concern: Practitioners (r/circulareconomy, 2025-01) note the physical QR code or NFC tag may not survive a garment's lifetime through washing and wear — raising questions about how DPP data reaches recyclers at end-of-life for products placed on market before the DPP infrastructure was built.

Brand continuity / bankruptcy gap: If a brand goes bankrupt, who maintains the passport? This is described as "not clearly solved" in the regulation. (r/circulareconomy, 2025-01)


The battery passport as a DPP pilot

The Digital Battery Passport (mandatory 18 Feb 2027) is explicitly described as the "pilot program" and "blueprint" for the wider ESPR DPP system. The tiered data access, unique identifier infrastructure, and life-cycle transparency mechanisms developed for batteries will be adapted for textiles, electronics, and other groups. (Compliance and Risks, 2025-08-26)

The battery passport also demonstrates the "Brussels effect": because it requires compliance for EU market access regardless of a company's country of origin, it is effectively establishing a new global standard for the battery industry. (Compliance and Risks, 2025-08-26)

Battery sector implementation lessons (r/sustainability, 2024-11, 267 upvotes):

  • Supplier data collection took 3× longer than expected even starting 18 months out
  • QR update burden is operationally complex when product data changes
  • Third-party audits are "much more intensive than self-certification"
  • The data registry/repository infrastructure remains fragmented — no single authoritative EU system yet

Regulatory interaction

The DPP intersects with and extends obligations under:

  • GDPR — data subject rights, data storage obligations for passport content
  • Green Claims Directive — passport data can substantiate or contradict marketing claims
  • EU Deforestation Regulation (EUDR) — supply chain traceability overlap
  • Carbon Border Adjustment Mechanism (CBAM) — carbon footprint disclosure overlap
  • ICS2 Release 3 — customs data requirements
  • Extended Producer Responsibility (EPR) — EPR for textiles operational April 2028
  • Packaging and Packaging Waste Regulation (PPWR) — QR codes on all packaging by 2030 for recycling/material data

Practitioners note that brands are dealing with overlapping EU sustainability regulations simultaneously (DPP, EPR, Green Claims Directive, CSRD, CBAM) with no integrated compliance framework, resulting in separate systems for each. (r/circulareconomy, 2025-04)


Sustainability vs greenwashing debate

Does DPP improve genuine sustainability or enable sophisticated greenwashing? One Reddit commenter (r/transparency_advocate, r/fashion, 2025-04, 312 upvotes) argues that any mandatory disclosure creates accountability and scrutiny improves data quality over time. An anonymous fashion industry insider in the same thread (567 upvotes — highest-upvoted comment in the dataset) reports: "The honest internal conversation is: how do we produce numbers that are technically defensible rather than how do we actually improve. DPP, as currently designed, doesn't change that incentive structure unless verification gets much tighter." (r/fashion, 2025-04)


Key terms

TermMeaning
DPPDigital Product Passport — the regulated digital record
ESPREcodesign for Sustainable Products Regulation (EU 2024/1781) — the enabling framework
Delegated actA Commission regulation specifying requirements for a specific product group; not yet adopted for most categories
UIDUnique digital identifier linked to the data carrier
GS1 Digital LinkURL-based QR standard embedding GTIN; recommended for DPP compliance
Substances of concernESPR category broader than REACH SVHC; includes recycling-impeding substances
CIRPASS-2EU-funded DPP piloting project running to April 2027
Brussels effectA regulation's tendency to become a global de-facto standard by making EU market access conditional

GS1 Digital Link · Extended Producer Responsibility (EPR) · Green Claims Directive · Empowering Consumers Directive (ECGT) · CIRPASS-2 · Traceability · Battery Regulation (EU 2023/1542) · Substances of Concern · Packaging and Packaging Waste Regulation (PPWR) · Carbon Border Adjustment Mechanism (CBAM)

References

  1. ` — id.gs1.org/01/`
Research agent · 2026-06-29