What Is the EU DPP Registry?
The EU Digital Product Passport registry is the centralised infrastructure that makes the entire DPP system work. Without a registry, a passport is just a data file floating in a silo — useful to no one. The registry is what binds together manufacturers, importers, distributors, customs authorities and recyclers into a single, machine-readable chain of information.
At its core, the registry stores product identifiers and the location pointers to the actual passport data. It does not necessarily hold every piece of sustainability information itself; rather, it holds the digital links — often called "data carriers" — that tell authorised parties where to find that data and how to access it. Think of it as a switchboard for product identity, not a monolithic product database.
Before products can circulate freely in the EU market under the Ecodesign for Sustainable Products Regulation (ESPR), they must be registered. That obligation sits squarely in the DPP compliance checklist that every manufacturer and importer should work through before placing goods on the European market.
Who Operates the Registry?
The European Commission is tasked with establishing and maintaining the EU DPP registry infrastructure, working in close coordination with ECOS and other standards bodies. In practice, the Commission has signalled that the registry will be distributed rather than monolithic — meaning sector-specific registries (for batteries, textiles, electronics, construction products) may operate under a shared technical architecture rather than a single, one-size-fits-all database.
The Battery Regulation, which entered into force ahead of ESPR and serves as something of a blueprint, provides the clearest existing model. Under that framework, the Commission operates the central registry accessible at EU level, while economic operators interact with it through APIs and conformity declaration procedures. The battery passport experience will heavily inform how future product-sector registries are built.
Member States retain a supervisory role. National market surveillance authorities are granted read access so they can cross-reference product identifiers during inspections, border checks and complaint investigations. This is not merely a suggestion — it is a core design requirement of the registry architecture.
How Registration Works: The Step-by-Step Process
Registration is not a one-time file upload. It is a structured sequence of interactions with the registry infrastructure. Here is how it typically works for a product falling under a delegated regulation that mandates a DPP:
First, the economic operator — usually the manufacturer or their authorised representative — obtains a unique product identifier. This identifier conforms to the ISO/IEC 15459 standard for unique identifiers and is embedded in the data carrier that physically accompanies the product (QR code, RFID chip, data matrix, or similar).
Second, the operator submits a registration record to the registry. This record includes the identifier itself, the class of product, the regulatory framework applicable, the location (URL or API endpoint) of the actual passport data, access-level metadata telling the registry who can retrieve what, and the identity of the registrant.
Third, once accepted, the registry issues confirmation and the product identifier becomes searchable by authorised parties. Any subsequent update to the passport data — a change in recycled content percentage, a repair record, an end-of-life reclassification — must trigger an update to the location pointer if the data has moved, and in many cases must be logged in an audit trail.
This process is explained in detail in the Commission's draft implementing acts and is tightly coupled with the broader obligations described in the DPP requirements checklist. If you are building a DPP system internally, your platform needs to handle this registration handshake programmatically — manual CSV uploads will not scale.
What Data Is Stored in the Registry?
There is often confusion between the registry and the passport itself. The registry stores metadata and pointers. The passport — which may live on a manufacturer's own server, a trusted third-party platform, or a cloud storage system — stores the substantive product data.
Registry-level data typically includes:
- The unique product identifier (and any batch or serial-level identifiers where required)
- The product category and applicable delegated regulation reference
- The economic operator's legal identity (usually an EORI number or equivalent)
- The data location pointer (URI/URL to the passport)
- Access control flags indicating which data layers are public, restricted or confidential
- Timestamps for registration and subsequent updates
- A hash or checksum enabling verification of data integrity
What the registry does not store, in most current proposals, is the substantive sustainability data itself — carbon footprint, material composition, repairability scores. That data lives at the passport layer. This architecture matters practically: it means a manufacturer's internal data need not all flow to a Commission-operated server, reducing concerns about confidential business information exposure. The ESPR regulation carefully navigates this tension.
Market Surveillance Integration
Market surveillance authorities (MSAs) across EU Member States have direct integration rights with the registry. This is not a peripheral feature — it is one of the primary reasons the registry exists at all.
When a customs officer at Rotterdam port scans a product's QR code, the data carrier resolves to the registry, which authenticates the query and returns the appropriate data layer. For a customs authority, this might include: product class, applicable regulation, conformity declaration reference, and any active recall or non-conformity flags. The officer does not get access to commercially sensitive supplier contracts or proprietary formulations — but they do get everything needed to make an enforcement decision on the spot.
The integration extends to the EU Safety Gate (RAPEX) and to TRACES (Trade Control and Expert System) for products subject to import controls. A product flagged as non-compliant in one Member State can trigger an alert propagated through the registry to all border points. This is a meaningful shift from the current situation, where enforcement actions in one country rarely affect checks in another quickly enough to matter.
For businesses, this means that an incorrectly registered product or a passport with stale data is not just an administrative problem — it is an enforcement risk. Your registry entries need to be accurate, current and resolvable at all times. The guide to creating a digital product passport covers the technical steps to ensure your data stays live and retrievable.
Timeline and Sector Rollout
The registry infrastructure does not go live for all product categories simultaneously. The ESPR framework works through product-specific delegated regulations, each with its own implementation timeline. Batteries are the furthest along, with the Battery Regulation establishing passport requirements from 2027 for EV batteries and from 2026 for industrial batteries above certain thresholds.
Textiles and apparel are next in line, with DPP requirements currently scheduled for 2027. Electronics, furniture, tyres, detergents and construction products follow in subsequent waves through 2030. In each case, the registry for that product category must be operational before the compliance deadline — meaning the Commission faces its own implementation pressure that has bearing on when manufacturers must connect their systems.
The practical implication for businesses is to not wait for the final registry specification before beginning internal data preparation. The data you will need to register — product identifiers, supplier chain data, material declarations — takes time to collect and quality-assure. Starting now, even against a draft specification, puts you in a much stronger position. See the implementation options available if you are looking for a platform to begin that work.
Confidential Business Information: What Is Actually Protected?
This is the question that keeps procurement managers awake. If every competitor can query the DPP registry and pull full material composition data, the trade secret implications are severe. The regulation recognises this.
The three-tier access model — which the access control article in this cluster covers in depth — means that commercially sensitive data is not publicly accessible. Supplier identities, precise formulation percentages, and manufacturing process details fall into restricted or confidential tiers accessible only to authorised economic operators and competent authorities. Public-facing data is limited to what a consumer or waste operator needs: material classes, hazardous substance presence/absence, repairability index, recycled content ranges.
The registry itself enforces these access rules at the query level. A public query (unauthenticated) returns only public-tier data. An authenticated query from a verified economic operator returns additional layers. A market surveillance authority with the appropriate credentials gets the broadest read access permitted by law.
This architecture is still being finalised in the implementing acts, and some sectors — notably textiles with complex global supply chains — are lobbying hard for stricter confidentiality provisions around Tier 2 supplier identities. The full DPP explainer covers the policy background driving these design choices.
Frequently Asked Questions
- Is the EU DPP registry live yet?
- The EU DPP registry is not yet live for most product categories. The Battery Regulation establishes the first operational registry requirements, with deadlines from 2026 for industrial batteries. For ESPR-covered products like textiles and electronics, the registry infrastructure is being developed ahead of compliance deadlines expected from 2027 onward.
- Who is responsible for registering a product in the DPP registry?
- The manufacturer is primarily responsible. When the manufacturer is established outside the EU and has not appointed an authorised representative, the importer assumes this obligation. Economic operators must register before placing products on the EU market.
- What happens if a product is not registered in the EU DPP registry?
- Unregistered products cannot legally be placed on the EU market once DPP requirements apply to their category. Market surveillance authorities and customs can detain products at the border or order their withdrawal. Penalties are set by Member States and can be significant.
- Can the registry be queried by the public?
- Yes, but only for public-tier data. Unauthenticated queries return basic product class information and consumer-relevant sustainability data. Commercially sensitive information is protected behind authentication layers accessible only to verified economic operators and market surveillance authorities.
- Do small businesses need to interact with the DPP registry directly?
- Yes, if their products fall under a delegated regulation requiring a DPP. However, SMEs can work through authorised representatives or use platform providers that handle the registry API integration on their behalf. The obligation remains, but the technical implementation can be delegated.