Digital Product Passport for Importers — EU Obligations for Non-EU Manufacturers

The Importer Problem Nobody Tells You About

If you import physical goods into the EU, you probably already know that product regulations apply to you. CE marking, chemical restrictions under REACH, waste handling obligations — none of this is new. What is different about the Digital Product Passport is how aggressively it shifts liability toward importers when the manufacturer falls short.

Under the Ecodesign for Sustainable Products Regulation, the default obligation sits with the manufacturer. The manufacturer creates the passport, registers it, keeps it accurate, ensures it travels with the product. But here is the catch that every importer should understand before their compliance deadline arrives: when the manufacturer is established outside the EU and either has not created a DPP or has created one that does not meet the applicable requirements, the importer steps into the manufacturer's shoes — legally and fully.

This is not a secondary or fallback obligation. It is a direct, independent obligation. You cannot point to a contract with your supplier that says they are responsible for the DPP and use that to defend a market surveillance action. The regulation does not care about your supplier contract. It cares whether the product entering the EU market has a compliant DPP. If it does not, you are the responsible party.

The DPP requirements checklist is the place to start mapping what this means for your specific product categories. But this article focuses on what importers specifically must understand and act on.

When Importer Obligations Are Triggered

The trigger conditions are straightforward but worth stating precisely. You bear manufacturer-equivalent DPP obligations when:

1. The manufacturer is established outside the EU, and
2. The manufacturer has not appointed an authorised representative established in the EU who has accepted responsibility for DPP compliance, or
3. The manufacturer has appointed a representative but the DPP produced by that arrangement is non-compliant with the applicable delegated regulation.

The third condition is worth pausing on. It is not enough that a DPP exists. The importer must verify that the DPP is actually compliant — correct data fields, correct access levels, correctly registered in the EU registry, with a valid and scannable data carrier on the product. If you import a product with a QR code that links to a broken URL, you have a non-compliant DPP even if the underlying data is technically correct somewhere on a server.

The full DPP explainer describes what a compliant passport looks like structurally. For importers, the verification duty is not optional — it is part of your due diligence obligation before placing products on the EU market.

Verification Duties in Practice: What You Must Actually Check

Verification is not a legal formality. It requires substantive technical and commercial due diligence. Here is what that looks like in practice.

Before committing to a supplier: Establish whether the supplier can produce a DPP that meets the applicable delegated regulation for your product category. Not a general DPP — the specific one required for textiles, or electronics, or batteries, or whichever category applies. Ask for a sample passport for an existing product line. Query it. Check that the data carrier resolves to a live, structured data endpoint. Verify the registration in the EU registry once it is operational.

Before customs clearance: Each shipment arriving at an EU border should be verifiable against the DPP registry. Once the registry is live and your product category has a compliance deadline, customs authorities will be doing this check themselves. You want to catch non-compliant shipments before they do. This means having a process — not just a contract clause, but an actual operational process — for verifying DPP compliance on incoming goods.

On an ongoing basis: Passports must be kept up to date. A textile product's DPP that was accurate at the time of import may need updating if the recycled content percentage changes in subsequent production runs, or if a substance previously absent from the SVHC list gets listed. Your supplier contract should specify who is responsible for updates, but your operational process should include periodic verification that the passport data remains current and accurate.

This is not trivial to operationalise. The guide to creating a digital product passport covers the technical infrastructure needed. For importers managing large, diverse product portfolios, the answer is almost certainly a platform rather than a manual process — see the platform features if you are assessing options.

Authorised Representative Requirements

One way for non-EU manufacturers to discharge DPP obligations without putting the entire burden on importers is through an authorised representative (AR) established in the EU. The AR takes on a defined scope of responsibility by written mandate and becomes the point of contact for market surveillance authorities within the EU.

But the AR arrangement has limits that importers need to understand. An AR takes responsibility for specific tasks defined in the mandate — typically, holding documentation, being the contact point for authorities, and in some frameworks, being responsible for the passport's accuracy. The AR cannot be held responsible for physical product defects or for data that the manufacturer controls and has not shared.

This creates a potential gap: if your supplier appoints an AR but provides that AR with inaccurate data, the AR produces an inaccurate DPP, and you import the product relying on the AR's passport — who is liable? The answer, under the ESPR framework's economic operator chain, is that each actor who placed the non-compliant product on the market can be held accountable. Including you.

The practical upshot: even when a non-EU manufacturer has an authorised representative, importers retain a verification duty. You cannot contract your way out of market surveillance liability.

Product Categories Most Affecting Importers Right Now

Not every product category has a DPP compliance deadline yet. The ESPR works through delegated regulations, and the rollout is phased. For importers, the priority categories are:

Batteries. The EU Battery Regulation is already in force and contains the most advanced DPP requirements. Industrial batteries above defined thresholds face passport requirements from 2026. EV batteries follow shortly after. If you import batteries into the EU in any form — finished products, components, replacement units — this is your most immediate DPP obligation. The battery passport guide goes deep on this specific category.

Textiles and apparel. The Commission's 2023 ecodesign proposal for textiles targets 2027 compliance. Given the EU's heavy dependence on textile imports from Asia and the complexity of proving fibre-level material composition through a DPP, this is where importer obligations will create the most operational disruption. Start now.

Electronics and ICT products. Smartphones, laptops, tablets and other electronics are in the pipeline for DPP requirements. Many of these products are manufactured entirely outside the EU, which means the importer obligation will be nearly universal for this category.

Furniture. Less discussed, but significant. EU furniture imports are substantial, and the DPP requirements for furniture will include material sourcing documentation that many current supply chains are not equipped to provide.

For each of these categories, the ESPR regulation overview tracks the current status of delegated acts and expected compliance timelines.

What Market Surveillance Looks Like for Importers

Market surveillance is the enforcement mechanism. Understanding how it works for DPP non-compliance is not a theoretical concern — it is a risk management input.

Customs authorities at EU external borders will, once DPP requirements are in force for a product category, verify DPP compliance as part of the import procedure. This verification involves scanning the product's data carrier, resolving the registry lookup, and checking that the public-tier data fields required by the applicable delegated regulation are present and correctly formatted. Products that fail this check can be detained at the border pending further investigation.

Inland market surveillance — meaning inspections by national market surveillance authorities after a product is already in circulation — will use the same DPP registry lookup, plus they can exercise Tier Three access rights to inspect the full passport including restricted data. If they find discrepancies between the public-tier data and the Tier Three data, or between the passport data and physical product testing results, that is prima facie evidence of non-compliance.

Under the ESPR framework, Member States are required to report market surveillance actions to the EU Safety Gate system. A non-compliance finding in one Member State can therefore trigger inspections in others and feed into the Commission's monitoring of sectoral compliance rates.

The financial exposure from a detention, withdrawal order or penalty under Member State implementing legislation can far exceed the cost of proper DPP compliance implementation. Work through the DPP compliance checklist and the implementation options with that risk in mind.

Building Supplier Contracts for DPP Compliance

Even though contracts do not protect you from market surveillance liability, they are still essential for risk allocation and for ensuring your suppliers actually deliver what you need.

A DPP-ready supplier contract should include:

• A warranty that the product will have a compliant DPP when shipped to the EU
• Specifications defining what "compliant" means by reference to the applicable delegated regulation
• An obligation on the supplier to maintain and update the passport data for the product's commercial lifetime
• Access rights for you (the importer) to audit the passport data before and after shipment
• Indemnification provisions allocating costs of market surveillance actions where the non-compliance arose from the supplier's data
• Termination rights if the supplier repeatedly fails to provide compliant DPPs

Some importers are building DPP data collection clauses into their RFQ (Request for Quotation) processes, so that supplier qualification now includes DPP capability assessment. This is particularly important for product categories with 2026 or 2027 deadlines — you do not have time to discover non-compliant suppliers after the compliance date.

Frequently Asked Questions

If my non-EU supplier creates a DPP, do I still have obligations as an importer?

Yes. Even if your supplier creates a DPP, you retain a verification duty as the importer. You must check that the passport is genuinely compliant — correct data fields, valid registration, working data carrier — before placing the product on the EU market. You cannot rely solely on your supplier's assurance without verification.

What is an authorised representative and does having one remove my DPP obligations?

An authorised representative (AR) is an EU-established entity that accepts DPP responsibilities on behalf of a non-EU manufacturer by written mandate. Having an AR reduces the importer's obligations but does not eliminate them entirely. Importers still retain a duty to verify that the AR's passport is compliant.

Which product categories have the most urgent DPP obligations for importers?

Batteries are the most urgent, with EU Battery Regulation DPP requirements applying from 2026 for industrial batteries. Textiles and electronics follow with expected compliance deadlines around 2027. Importers in these categories should begin supplier engagement and internal systems preparation immediately.

Can customs authorities reject a shipment because of a non-compliant DPP?

Yes. Once DPP requirements are in force for a product category, customs authorities at EU external borders are empowered to verify DPP compliance as part of the import procedure. Products without a compliant DPP — including products with a DPP that links to a broken URL — can be detained at the border.

How long must a DPP remain accessible after a product is placed on the market?

Under the ESPR framework, the DPP must remain accessible for the entire expected lifetime of the product plus a period specified in the applicable delegated regulation — typically 10 years after the last unit of a product model was placed on the market. Importers responsible for the DPP must ensure this long-term availability.