Every few months, a consultant or technology vendor publishes a white paper explaining how blockchain will solve the Digital Product Passport challenge. The claims are often compelling: immutable records, decentralised trust, tamper-proof provenance. The reality, once you get past the slide deck, is considerably more complicated.
Blockchain is a specific tool with specific trade-offs. For some DPP use cases, those trade-offs are genuinely favourable. For others, blockchain adds cost, complexity, and latency without providing any capability that a simpler technology cannot deliver more cheaply. The EU has been conspicuously careful not to mandate blockchain for DPP infrastructure — a deliberate choice that deserves examination.
This is an honest assessment of where blockchain adds real value in Digital Product Passport implementations, where it does not, and what the practical alternatives look like.
What blockchain actually does — and what it does not
Before assessing blockchain for DPP use cases, it helps to be precise about what a blockchain provides. A blockchain is a distributed ledger: a data structure where records (blocks) are cryptographically linked in sequence, copies of which are held by multiple independent participants. The cryptographic linking makes it computationally infeasible to alter an earlier record without invalidating all subsequent records — and the distributed copies mean no single participant controls the canonical version.
What this gives you: a record that is extremely difficult to alter retroactively, maintained without a trusted central authority, and verifiable by any participant who holds a copy.
What this does not give you: any guarantee that the data entered into the blockchain was accurate when it was entered. A blockchain can tell you that a record was created at a specific time and has not been altered since. It cannot tell you whether the record accurately reflects physical reality. A manufacturer who enters false material composition data into a blockchain creates an immutable false record. Garbage in, immutable garbage out.
This is sometimes called the "oracle problem" — the gap between physical reality and digital representation. For Digital Product Passports, which are fundamentally about attesting to physical product properties, the oracle problem is central. Blockchain solves a data integrity problem; it does not solve a data accuracy problem.
Where blockchain genuinely adds value in DPP contexts
There are specific DPP use cases where blockchain's properties provide real advantages that simpler alternatives cannot match.
Multi-party supply chains with adversarial participants. Consider a mineral supply chain involving artisanal miners, aggregators, smelters, battery manufacturers, and automotive OEMs — each with different commercial interests, in different jurisdictions, with no common trusted authority. A centralised database requires someone to operate it, and whoever operates it has control over the data. A permissioned blockchain operated jointly by supply chain participants — where no single party can alter records unilaterally — provides provenance attestation that is more credible than any single operator's claims. The Responsible Minerals Initiative and several cobalt traceability pilots have used this model with genuine success.
Long-lived products with multiple ownership changes. An industrial battery may pass through three or four owners over a twenty-year life. Each owner needs access to the full history — not just the current state — and needs confidence that the history has not been edited. A blockchain record of service events, capacity tests, and ownership transfers is inherently more trustworthy than a database record maintained by the current owner, who has an obvious incentive to edit unflattering history before a resale.
Cross-border certification without bilateral trust relationships. A customs authority in Poland verifying a DPP for a product manufactured in Vietnam, certified by an auditor in Germany, has no direct relationship with any of those parties. Verifying a blockchain record with a known validator set requires no trust in any individual party — only trust in the cryptographic protocol. This is genuinely useful for cross-border regulatory compliance scenarios.
The EU Battery Passport is the most concrete near-term DPP use case where blockchain has a plausible role. The supply chain is complex, the product lifetime is long, ownership changes are common, and the regulatory stakes — correct carbon footprint and recycled content attestation — are high enough to justify the overhead.
Where blockchain is unnecessary overhead
For most DPP implementations under the ESPR regulation, blockchain is not necessary. The reasons are worth spelling out.
Single-party data ownership. If a brand generates its own DPP data — material composition, product specifications, repair manuals — and is the sole author of that data, blockchain provides no multi-party trust benefit. The brand's database is already the authoritative source; distributing copies across a blockchain network adds infrastructure cost without adding trust.
Short product lifetimes. A garment with an eighteen-month useful life does not need an immutable twenty-year audit trail. The DPP data needs to be accessible during the product's life and for a reasonable period after disposal — this is a data availability and access control problem, not an immutability problem.
Regulated environments with existing trust infrastructure. In sectors where certification bodies, notified bodies, and accreditation authorities already provide trusted attestation — medical devices, construction products — adding a blockchain layer duplicates existing trust infrastructure without reducing regulatory burden. Market surveillance authorities are not going to accept blockchain records as a substitute for CE certification; they will require both.
Cost-sensitive product categories. The infrastructure cost of a permissioned blockchain network — node operations, transaction fees on public chains, development and maintenance — is non-trivial. For a €5 consumer product with razor-thin margins, this cost structure does not work. The DPP requirements for such products are better served by a lightweight resolver architecture built on standard web infrastructure.
The EU's position: deliberate technology neutrality
The EU Commission has been careful to avoid mandating blockchain in its DPP technical specifications. The ESPR regulation, the Battery Regulation, and the draft delegated acts for textiles and electronics all describe functional requirements — data must be accessible, authentic, and tamper-evident — without specifying how those requirements must be met technically.
This neutrality is deliberate. European DG CONNECT published a detailed analysis of blockchain for industrial applications in 2020, and its conclusions were nuanced: blockchain has specific valid use cases but is frequently proposed for problems that do not require it. Mandating blockchain for all DPPs would impose unnecessary infrastructure costs on brands in categories where simpler solutions work equally well.
What the regulation does require — tamper-evident records, cryptographic integrity, auditability — can be achieved through several technical approaches. W3C Verifiable Credentials, hash-anchored timestamping services (like OpenTimestamps), and content-addressed storage (like IPFS) all provide cryptographic integrity guarantees without requiring a full blockchain infrastructure. The GS1 Digital Link resolver architecture used by the leading DPP platforms is designed to integrate with any of these approaches.
Practical alternatives that solve the same problems
If the goal is tamper-evident DPP data without full blockchain infrastructure, several approaches are worth understanding.
W3C Verifiable Credentials with cryptographic signing. A VC signed by the manufacturer's private key can be independently verified by any downstream party. The signature is tamper-evident — altering the VC invalidates the signature. This is effectively the same integrity guarantee as a blockchain record, without the distributed ledger. The downside is key management: if the manufacturer's private key is compromised, all their VCs are suspect. Key rotation and revocation infrastructure is required, which adds complexity but is well-understood.
Hash anchoring on public blockchains. Rather than storing DPP data on a blockchain, store the data in a conventional database and publish a cryptographic hash of the data on a public blockchain. The hash anchors the data to a specific point in time — any subsequent modification of the data would produce a different hash, detectable by comparison. This provides timestamp integrity and tamper evidence at a fraction of the cost of a full blockchain implementation. The Bitcoin blockchain has been used for this purpose since 2013; Ethereum and several other chains support it natively.
Permissioned databases with audit logs. For many DPP use cases, a well-designed permissioned database with cryptographically signed audit logs is sufficient. PostgreSQL with row-level security, audit logging, and signed log shipping provides tamper evidence and access control that meets regulatory requirements without blockchain overhead. The key is the audit log architecture — logs must be append-only and verifiably complete.
The right choice among these approaches depends on the specific DPP use case, the number of parties involved, the product lifetime, and the cost structure. The guide to creating a Digital Product Passport addresses this decision framework in detail.
Hybrid approaches: when to combine blockchain with conventional infrastructure
The most pragmatic implementations often combine blockchain for the layers where it genuinely adds value with conventional infrastructure for everything else. A battery supply chain might use a permissioned blockchain to record mineral provenance from mine to smelter — the highest-trust-deficit segment of the chain — while using conventional database infrastructure for product specifications, consumer-facing DPP data, and repair documentation.
This hybrid approach avoids the common mistake of using blockchain for everything because it is being used for something. The architectural question is always: at which layer is the multi-party trust problem real and unsolvable by simpler means? Blockchain belongs at that layer, and only that layer.
Several platforms are building exactly this architecture for battery and critical mineral DPP use cases — a blockchain layer for provenance attestation, feeding into a conventional resolver that serves the full DPP data set to consumers, recyclers, and regulators. Our platform's architecture is designed to integrate with blockchain provenance layers where they exist, without requiring them where they do not.
Frequently asked questions
Does the EU require blockchain for Digital Product Passports?
No. The EU's DPP regulations — including the ESPR regulation and the Battery Regulation — are technology-neutral. They specify functional requirements (tamper-evident records, data accessibility, auditability) without mandating blockchain as the implementation technology. Brands can meet DPP requirements using blockchain, W3C Verifiable Credentials, hash anchoring, or other approaches, provided the functional requirements are satisfied.
Does blockchain prevent data fraud in Digital Product Passports?
Blockchain prevents retroactive alteration of records that have already been entered — it provides immutability for existing data. It does not prevent false data from being entered in the first place. A manufacturer can enter inaccurate material composition data into a blockchain and create an immutable false record. Preventing data fraud requires off-chain verification mechanisms: third-party audits, physical testing, certified attestation — which blockchain records can reference but cannot replace.
What is the oracle problem in blockchain DPP implementations?
The oracle problem refers to the gap between physical reality and digital representation. A blockchain can guarantee that a digital record was created at a specific time and has not been altered since. It cannot guarantee that the record accurately reflects the physical product it describes. For DPPs, where data is meant to attest to physical product properties (material content, carbon footprint, repairability), the oracle problem means blockchain integrity alone is insufficient — data accuracy must be assured through physical verification and third-party certification.
What is hash anchoring as an alternative to blockchain for DPP?
Hash anchoring involves computing a cryptographic hash of your DPP data and publishing that hash on a public blockchain (or timestamping service), without storing the data itself on-chain. The hash serves as a fingerprint — any subsequent modification of the DPP data produces a different hash, making tampering detectable. This provides timestamp integrity and tamper evidence at a fraction of the cost of full blockchain infrastructure, and is sufficient for many DPP compliance use cases.
Which DPP use cases are best suited to blockchain?
Blockchain is most valuable for DPP use cases involving multi-party supply chains with no common trusted authority, long-lived products with multiple ownership changes, and cross-border certification where bilateral trust relationships do not exist. Battery supply chain provenance — tracking minerals from mine to finished cell through multiple independent companies in multiple countries — is the clearest current example. Fast-moving consumer goods with short lifetimes and single-party data ownership rarely benefit from blockchain.
Is a permissioned blockchain better than a public blockchain for DPP?
For most DPP use cases, a permissioned blockchain — where participation is controlled and validators are known organisations — is more appropriate than a public blockchain. Permissioned blockchains offer higher transaction throughput, lower costs, and governance structures compatible with regulated industries. Public blockchains offer stronger censorship resistance and broader verifiability, but most DPP compliance scenarios do not require resistance to nation-state-level censorship.
Does the EU require blockchain for Digital Product Passports?
No. The EU's DPP regulations — including the ESPR regulation and the Battery Regulation — are technology-neutral. They specify functional requirements (tamper-evident records, data accessibility, auditability) without mandating blockchain as the implementation technology. Brands can meet DPP requirements using blockchain, W3C Verifiable Credentials, hash anchoring, or other approaches, provided the functional requirements are satisfied.
Does blockchain prevent data fraud in Digital Product Passports?
Blockchain prevents retroactive alteration of records that have already been entered — it provides immutability for existing data. It does not prevent false data from being entered in the first place. A manufacturer can enter inaccurate material composition data into a blockchain and create an immutable false record. Preventing data fraud requires off-chain verification mechanisms: third-party audits, physical testing, certified attestation — which blockchain records can reference but cannot replace.
What is the oracle problem in blockchain DPP implementations?
The oracle problem refers to the gap between physical reality and digital representation. A blockchain can guarantee that a digital record was created at a specific time and has not been altered since. It cannot guarantee that the record accurately reflects the physical product it describes. For DPPs, where data is meant to attest to physical product properties (material content, carbon footprint, repairability), the oracle problem means blockchain integrity alone is insufficient — data accuracy must be assured through physical verification and third-party certification.
What is hash anchoring as an alternative to blockchain for DPP?
Hash anchoring involves computing a cryptographic hash of your DPP data and publishing that hash on a public blockchain (or timestamping service), without storing the data itself on-chain. The hash serves as a fingerprint — any subsequent modification of the DPP data produces a different hash, making tampering detectable. This provides timestamp integrity and tamper evidence at a fraction of the cost of full blockchain infrastructure, and is sufficient for many DPP compliance use cases.
Which DPP use cases are best suited to blockchain?
Blockchain is most valuable for DPP use cases involving multi-party supply chains with no common trusted authority, long-lived products with multiple ownership changes, and cross-border certification where bilateral trust relationships do not exist. Battery supply chain provenance — tracking minerals from mine to finished cell through multiple independent companies in multiple countries — is the clearest current example. Fast-moving consumer goods with short lifetimes and single-party data ownership rarely benefit from blockchain.
Is a permissioned blockchain better than a public blockchain for DPP?
For most DPP use cases, a permissioned blockchain — where participation is controlled and validators are known organisations — is more appropriate than a public blockchain. Permissioned blockchains offer higher transaction throughput, lower costs, and governance structures compatible with regulated industries. Public blockchains offer stronger censorship resistance and broader verifiability, but most DPP compliance scenarios do not require resistance to nation-state-level censorship.
Blockchain is a powerful tool for a specific class of problems: multi-party trust in adversarial environments, long-lived audit trails across ownership changes, cross-border verification without bilateral trust. For DPP implementations that fit this profile — particularly battery and critical mineral supply chains — blockchain deserves serious evaluation. For the majority of DPP use cases, simpler approaches using W3C Verifiable Credentials, hash anchoring, or well-designed permissioned databases deliver the same compliance outcomes at lower cost and complexity.
The right starting point for any DPP implementation is the data carrier and identity layer — how physical products are linked to their digital records. The GS1 Digital Link specification provides that foundation, and the choice of backend trust infrastructure — blockchain or otherwise — can be made and revised independently. If you are mapping out the architecture for your DPP programme, the requirements checklist and platform options are the natural next steps.