Understanding the Digital Product Passport (DPP)

Understanding the Digital Product Passport (DPP)

by

The EU Digital Product Passport registry goes live on July 19, 2026 under Article 13 of Regulation (EU) 2024/1781. From 18 February 2027 onward, DPPs will be implemented in commercial operation. This article describes what the DPP is and how to build one, what companies must disclose, and ultimately, how a company can prepare their data to reduce their workload. 

What is the DPP?

The Digital Product Passport is a structured, machine-readable dataset attached to a specific product unit. It is accessible through a data carrier (a QR code, an RFID tag, an NFC chip, or some combination of those) that follows internationally recognised identifier standards. Articles 9 to 15 and Annex III of ESPR define the legal framework. Annex I lists the parameters that the data can cover.

The data itself is held in a decentralised, federated system. The economic operators hold the data. The European Commission holds the registry that points to it. The DPP is not a single, central database. It is a resolution layer that lets any authorised party find the right record from a single scan.

The DPP is not a consumer-facing object. The consumer view is the thinnest tier of a much deeper data structure designed for market surveillance, recyclers, repairers, and authorised supply-chain operators.

Figure 1. EU Digital Product Passport sector rollout, 2026–2030 (indicative).

What does the DPP change?

The DPP turns sustainability claims into structured, audit-grade data that any authorised party can pull on demand for the full commercial life of the product. The mandatory spine covers:

  • Product identification: a Unique Product Identifier (UPI), typically a serialised GTIN under GS1 Digital Link, plus model, batch or lot, and brand.
  • Operator identification: a Unique Operator Identifier (UOI) and Unique Facility Identifier (UFI) for manufacturer, importer and supply-chain facilities.
  • Material composition: what the product is made of, by mass or proportion, to the granularity defined by the delegated act.
  • Substances of concern: declarations tied to the SCIP database operated by ECHA.
  • Recycled content: pre-consumer and post-consumer fractions, with chain-of-custody evidence (not self-declarations).
  • Embodied carbon: per functional unit, covering Scope 1, Scope 2 and relevant Scope 3.
  • Durability and reparability: scoring, expected lifetime, spare-parts availability, disassembly information.
  • End-of-life: disassembly maps, recyclability assessments, routing instructions.

Industry conversations put the per-product field count somewhere between 70 and 200, depending on category and depth. The final delegated act for each sector gives the binding number.

Regulations behind the DPP

Three pieces of infrastructure had to be built before the DPP could function operationally. As of mid-2026, all three are in advanced stages.

The Registry

Article 13 of ESPR requires the European Commission to establish the EU DPP registry by 19 July 2026. It auto-generates unique identifiers and maintains a discovery layer for market-surveillance authorities and authorised parties. The registry is not where the data lives. It is where the data is located.

The Standards – CEN-CENELEC JTC 24

JTC 24 is finalising eight horizontal European standards covering unique identifiers, data carriers, access-rights management, system security, interoperability, archiving and APIs. The EN 1821x series is expected to publish in 2026, with referencing in delegated acts staged from 2027. In February 2026, CEN-CENELEC signed a liaison agreement with the OPC Foundation to align the DPP standards with OPC UA.

The Ontology – CIRPASS-2 + JRC

CIRPASS-2 (May 2024 – April 2027) delivered the EU DPP Core Ontology in March 2025. Forty-nine partners are running thirteen lighthouse pilots across textiles, electronics, tyres and construction. On 19 March 2026, the JRC published JRC145830, the methodology that will populate the data fields for every delegated act to come.

The DPP’s Essence – Tiered Access 

How does “Tiered Access” work?

The DPP is, in essence, a QR code. That’s what the human eye can see. But the innovation comes from what happens once a device scans it. Based on the device’s role, different information can be transmitted to the device, making public information public and keeping secure information secure. 

Figure 2. DPP architecture: federated data, centralised discovery, with the sustainability analytics layer as the source.

That data must be stored somewhere and maintained by the producing company, or that information might as well not exist. Even worse, A QR code could be linked to a spreadsheet that diverges from the audited LCA, which would be, in compliance terms, worse than if the product had no QR code at all. 

Building a “Sustainability Analytics” layer is critical to ensure data stays up to date and in sync across a company’s myriad systems and processes. This can be done in one audit-compliant system, and “Tiered Access” is the method by which the correct data is sent to the correct stakeholders. 

Consumer (Public)

Scan with any smartphone. No authentication.

  • Product identification and brand
  • Recycled-content percentage, energy class, repairability score
  • Care, repair and end-of-life instructions

Authenticated Operator (Restricted)

Recyclers, refurbishers, professional repairers, second-hand dealers, raw-material recovery facilities.

  • Disassembly map and component inventory
  • Substance-of-concern declarations (SCIP-linked)
  • Chemical-treatment history and material breakdown
  • Spare-parts identifiers

Market Surveillance (Regulatory)

National authorities, regulators, customs.

  • Full DPP – all fields visible
  • Supplier identity and facility identifiers (UOI / UFI)
  • Confidential chain-of-custody evidence
  • API access for systematic interrogation across thousands of products

Figure 3. Tiered access model – same QR code, three different data views.

Sector Rollout

No dates are binding for product-specific obligations until each delegated act is adopted.

19 Jul 2026 – EU DPP Registry goes live (Article 13)

12 Aug 2026 – PPWR (Reg. (EU) 2025/40) labelling requirements apply; digital identifier rollout from 2027

18 Feb 2027 – Battery Passport mandatory (EV, industrial, LMT, >2 kWh) – Reg. (EU) 2023/1542

2028 – Iron and steel DPP application (delegated act late 2026). Apparel textiles DPP application (delegated act late 2026 / Q2 2027)

2028–2029 – Electronics and ICT / EEE; furniture (2028), mattresses (2029), tyres on a comparable track

2029–2030 – Construction products (CPR alignment); ESPR Working Plan mid-term review in 2028

Why does a DPP matter for your business?

First, it forces companies to hold structured, audit-grade product data on demand for the full commercial life of the product and ten years beyond. Second, the same dataset feeds ESPR, PPWR, the Carbon Border Adjustment Mechanism, CSRD, the EU Deforestation Regulation, and the Batteries Regulation in parallel. Build the data layer once and it streams to all of them. Build it four times in four parallel projects and the four datasets diverge within eighteen months. Third, the design and supplier-engagement decisions a company makes in 2026 will shape its DPP cost base for the next decade.

What does this mean in practice? Companies need one product dataset that can feed DPP, PPWR, CBAM, CSRD and customer reporting in parallel. 

Figure 4. The DPP as the spine of EU sustainability disclosure: one dataset, many regulatory destinations.

What do you need to be ready?

1 – A complete Bill of Product for every in-scope SKU

2 – Cradle-to-grave LCA on every product, with embodied-carbon outputs

3 – Recycled-content tracking with chain-of-custody evidence

4 – An analytics platform that feeds DPP, PPWR, CBAM and CSRD from one dataset

Disclaimer

This page reflects the text of Regulation (EU) 2024/1781 (ESPR), Regulation (EU) 2023/1542 (Batteries), Regulation (EU) 2025/40 (PPWR), the European Commission’s ESPR Working Plan COM(2025) 187 final, and the JRC methodology JRC145830 published on 19 March 2026. Sector-specific data fields will be locked once each delegated act is adopted. The CEN-CENELEC EN 1821x series is in advanced drafting and is expected to publish in 2026, with referencing in delegated acts staged from 2027. Indicative application dates for iron and steel, textiles, electronics, furniture, tyres, mattresses and construction products will be confirmed by their respective delegated acts in 2026–2030. We will update this page as each delegated act is published.

Comments are closed.