A digital product passport (DPP) is a structured, machine-readable digital record that carries a product's sustainability, composition, and lifecycle data — accessible via a QR code or data carrier on the product itself. Required under the EU's Ecodesign for Sustainable Products Regulation (ESPR, Regulation 2024/1781), the DPP enables consumers, recyclers, and regulators to access verified information about where a product comes from, what it contains, and how it should be handled at end of life. Batteries are first, with mandatory DPPs from February 2027. Textiles and electronics follow in 2027-2028.
If that sounds like a lot of bureaucracy, I get it. But having spent the last two years working with companies preparing for these deadlines, I can tell you this: the digital product passport is arguably the most consequential piece of product regulation the EU has passed since REACH. And most companies still aren't taking it seriously enough.
Why the EU Decided Products Need Digital Passports
The motivation behind the digital product passport is surprisingly straightforward. The European Commission looked at how products move through the EU single market and found a massive information gap. Manufacturers knew what was in their products. Consumers didn't. Recyclers didn't. Regulators couldn't verify sustainability claims without expensive, product-by-product investigations.
That information asymmetry had real consequences. Around 40% of green claims made by companies in the EU were found to be exaggerated or entirely unsubstantiated, according to the Commission's own screening. Products designed to fail after a year or two were marketed as "sustainable." Materials that should have been recycled ended up in landfills because nobody downstream had the data needed to separate and process them properly.
The ESPR regulation was the EU's answer: a framework that mandates specific product information be collected, standardised, and made digitally accessible throughout a product's entire lifecycle. The digital product passport is the vehicle that carries that information.
It's worth noting that this isn't an isolated EU initiative. South Korea launched its own DPP pilot in 2025. The UK's product sustainability framework references the EU model extensively. China's green product certification system is evolving toward similar data requirements. The EU is first, but it won't be alone for long.
The ESPR Regulation: The Law Behind the Passport
The Ecodesign for Sustainable Products Regulation — ESPR for short, formally EU Regulation 2024/1781 — entered into force on 18 July 2024. It replaces the older Ecodesign Directive (2009/125/EC), which covered roughly 31 energy-related product groups. The new regulation's scope is dramatically broader: virtually all physical products sold on the EU market, with the only explicit exclusions being food, animal feed, and medicinal products.
But here's the nuance that trips people up: the ESPR is a framework regulation. It sets up the legal architecture, but the specific product requirements — including exactly when a DPP becomes mandatory for each product category — are defined through delegated acts. Think of the ESPR as the building code, and delegated acts as the blueprints for each room.
The first working plan for these delegated acts, published by the Commission in April 2024, prioritised sectors where environmental impact is highest:
- Iron, steel, and aluminium — massive carbon footprints in production
- Textiles and footwear — fast fashion waste and microplastics
- Electronics and ICT — planned obsolescence and e-waste
- Furniture — durability and flame retardant chemicals
- Tyres — microplastic emissions during use
- Detergents, paints, lubricants — chemical safety
Batteries already have their own dedicated regulation (EU Regulation 2023/1542) with the earliest hard deadline: February 18, 2027. For the other sectors, delegated acts are expected between 2025 and 2028, with compliance deadlines typically 18-24 months after each act is adopted.
For a deeper dive into how delegated acts work and which sectors come when, see the ESPR delegated acts timeline.
What Data Does a Digital Product Passport Actually Contain?
The exact fields vary by product category, but the ESPR defines a common data architecture that every DPP must follow. Having reviewed draft delegated acts and participated in industry consultations, here's how the data structure breaks down in practice.
Product Identity and Traceability
Every DPP starts with a unique product identifier — typically following the GS1 Digital Link standard — that connects the physical object to its digital record. This section also includes manufacturer name, facility location, model number, production date, and batch or serial number depending on the product category.
Material Composition and Substances of Concern
A detailed bill of materials listing key components and their composition. Recycled content percentages are recorded here, along with any substances of concern as defined under REACH and CLP regulations. For batteries, this extends to specific sourcing declarations for cobalt, lithium, nickel, and natural graphite.
Environmental Footprint
Lifecycle carbon footprint data (in kg CO2 equivalent), energy efficiency classifications where applicable, and water usage metrics for relevant product categories. Some sectors will require third-party verified carbon data — a requirement that has significant cost implications for manufacturers who haven't established LCA (lifecycle assessment) processes.
Durability, Repair, and Maintenance
Expected product lifespan, repairability score, spare parts availability and pricing, links to repair manuals, and authorised service centre information. This is the section that directly supports the EU's right-to-repair agenda.
End-of-Life Instructions
Disassembly instructions for recyclers, recyclability classification, hazardous waste handling requirements, and nearest collection point information. This data transforms the DPP from a compliance document into a practical tool for the circular economy.
Compliance and Certification
CE marking references, declaration of conformity, relevant test reports, and third-party certification records. This is the layer that market surveillance authorities rely on most heavily.
| Data Category | Key Fields | Who Accesses It |
|---|---|---|
| Product identity | Unique ID, manufacturer, model, facility, batch/serial | All actors |
| Material composition | Bill of materials, recycled content %, substances of concern | Recyclers, authorities |
| Environmental footprint | Carbon footprint (kg CO2e), energy class, water usage | Consumers, authorities |
| Durability & repair | Lifespan, repairability score, spare parts, repair manuals | Consumers, repair operators |
| End-of-life | Disassembly instructions, recyclability, collection points | Recyclers, waste operators |
| Compliance | CE marking, conformity declaration, test reports | Authorities, importers |
An important detail: not all data is visible to everyone. The ESPR establishes a three-tier access model — consumer access, economic operator access, and authority-only access. A consumer scanning a QR code on a t-shirt will see the environmental footprint and care instructions. A recycler will see detailed material composition. A market surveillance inspector will see the complete compliance record. For more on how this works technically, the DPP access control guide covers the permission architecture.
Which Products Are Affected and When?
This is the question I hear most often, and the answer requires some nuance. In theory, almost every physical product sold on the EU market will eventually need a DPP. In practice, implementation is phased by sector, and the timelines look like this:
Batteries — February 2027 (Confirmed)
This is the only hard, legally fixed deadline currently on the books. EU Regulation 2023/1542 requires that industrial batteries, EV batteries, and light means of transport (LMT) batteries above 2 kWh placed on the EU market after February 18, 2027, carry a compliant digital product passport. The regulation is directly applicable — no national transposition needed, no room for member state discretion. If you manufacture or import batteries, your compliance clock is already running.
Textiles and Footwear — H2 2027 (Expected)
The textile delegated act is among the most advanced in development. Draft requirements point to mid-to-late 2027 as the compliance deadline, covering garments, footwear, and home textiles. Fashion brands with complex global supply chains face the biggest preparation challenge here.
Electronics and ICT — 2028 (Expected)
Consumer electronics, ICT equipment, and connected devices are expected to require DPPs from 2028. The scope will likely cover smartphones, laptops, servers, and household appliances — sectors where planned obsolescence and e-waste are significant policy concerns.
Furniture, Construction, Chemicals — 2028-2030
These sectors follow in subsequent waves. Furniture manufacturers should be watching the textile delegated act closely, as many data requirements will be similar. Construction product manufacturers face overlapping requirements from both the ESPR and the revised Construction Products Regulation (CPR).
Timeline Overview
| Product Category | Legal Basis | DPP Deadline | Status |
|---|---|---|---|
| Batteries (>2 kWh) | EU Reg. 2023/1542 | 18 Feb 2027 | Confirmed |
| Textiles & footwear | ESPR delegated act | H2 2027 | Draft in progress |
| Electronics & ICT | ESPR delegated act | 2028 | Planned |
| Furniture | ESPR delegated act | 2028-2029 | Planned |
| Construction products | ESPR delegated act + CPR | 2029 | Planned |
| Chemicals, paints, detergents | ESPR delegated act | 2029-2030 | Planned |
| Tyres | ESPR delegated act | TBD | Scoping phase |
How Does a Digital Product Passport Work in Practice?
The technical mechanism is elegant in concept, even if implementation is demanding. Three components work together:
1. The unique identifier. Each product (or batch, or model — depending on the delegated act) receives a unique identifier, ideally following the GS1 Digital Link standard. This identifier is the bridge between the physical product and its digital twin.
2. The data carrier. A QR code, NFC chip, or RFID tag is physically attached to the product or its packaging. When scanned, it resolves the unique identifier to a URL that serves the appropriate data. The beauty of GS1 Digital Link is that the same scan can serve different data to different actors based on their permissions.
3. The backend registry. The actual data lives in a compliant registry system — hosted within the EU or in jurisdictions with adequate data protection, accessible via standardised APIs, and required to remain available for the product's full lifecycle plus ten years after end-of-life. That's a data retention commitment of potentially 20-30 years for durable goods.
When a consumer scans the QR code on a battery pack, they see environmental footprint data and recycling instructions. When a recycling facility scans the same code, they see material composition and disassembly sequences. When a customs inspector scans it, they see the complete compliance dossier. One code, multiple data layers, access controlled by actor type.
For companies that don't want to build registry infrastructure from scratch, platforms like DPP-Tool handle the hosting, API management, and data versioning — so you can focus on collecting and structuring your product data rather than building IT infrastructure.
Who Is Responsible for Creating a DPP?
The manufacturer bears primary legal responsibility. Under ESPR Article 9, the manufacturer must create the DPP and affix the data carrier before the product is placed on the EU market. But the obligation cascades through the value chain in ways that catch many companies off guard.
If the manufacturer is outside the EU — which is the case for the vast majority of batteries, electronics, and textiles — the EU-based importer becomes the responsible economic operator. That importer must ensure the DPP exists and is compliant before the product enters EU territory. In practice, this means importers need contractual arrangements with their non-EU suppliers guaranteeing data provision.
Distributors must verify that products they handle carry valid DPPs. They can't claim ignorance — due diligence obligations under the regulation require active verification.
Online marketplaces face DPP-related obligations under the EU Digital Services Act, which intersects with ESPR requirements. Platforms that allow non-compliant products to be sold face their own regulatory exposure.
And here's something that doesn't get discussed enough: repair operators and refurbishers may be required to update the DPP when they significantly modify a product. The digital product passport is a living document, not a one-time filing.
Why Companies That Move Early Win
I've watched enough regulatory transitions to know the pattern. Companies that treat new regulations as pure cost centres always spend more in the end than those that find the strategic value early. The DPP is no exception.
Supply chain visibility. The process of collecting DPP data forces you to map your supply chain at a level of detail most companies have never achieved. I've seen manufacturers discover redundant suppliers, over-specified materials, and cost-saving opportunities that they had simply never looked for because the data wasn't organised.
B2B competitive advantage. Large EU corporations facing their own supply chain due diligence obligations under the Corporate Sustainability Due Diligence Directive (CS3D) are already asking suppliers for DPP-compatible data. If you can provide it, you move to the front of their procurement queue. If you can't, you're at risk of being replaced.
Consumer trust. European consumers are increasingly making purchasing decisions based on verified sustainability credentials. A DPP-linked QR code that shows real data — not just marketing copy — builds trust in a way that brochures and claims don't.
Reduced warranty and return costs. Companies piloting DPP systems report measurably better repair diagnostics when technicians can access accurate product configuration data via the passport. Fewer misdiagnosed repairs means lower warranty costs.
Future-proofing. If you build DPP infrastructure for EU compliance now, you're positioned for similar regulations emerging in South Korea, the UK, and other markets. The investment amortises across multiple jurisdictions.
How to Start Preparing for DPP Compliance
Based on working with dozens of companies across different sectors, here's the preparation sequence that works in practice:
Step 1: Determine your timeline. Check the sector timeline to understand when your product category's delegated act is expected. If it's batteries, you should already be in implementation. If it's textiles or electronics, you need to be in active preparation. If it's furniture or construction, you have time to plan — but don't waste it.
Step 2: Audit your data. Take a single representative product and try to populate all six DPP data categories from your existing systems. You'll quickly discover where your data gaps are. Most companies find that 30-50% of the required fields aren't currently collected or aren't in a usable format.
Step 3: Engage suppliers early. The data you need for the DPP comes from across your supply chain. Starting conversations with suppliers 18 months before a deadline is dramatically more productive than sending panic emails three months before. Suppliers who get advance notice cooperate; those who get ambushed push back.
Step 4: Choose your tools. You don't need to build custom infrastructure. DPP platforms like DPP-Tool let you structure data, generate compliant QR codes, and manage the backend registry without a six-figure IT project. Starting with a purpose-built tool saves time and reduces the risk of non-compliant data structures.
Step 5: Build internal alignment. DPP compliance touches product design, procurement, manufacturing, quality, sustainability, IT, and legal. If these teams aren't aligned from the start, you'll waste months reconciling conflicting assumptions later.
Ready to Build Your Digital Product Passport?
DPP-Tool helps you create ESPR-compliant Digital Product Passports in minutes — no enterprise budget required.
What Happens If You Don't Comply?
The ESPR gives Member States the authority to set penalties, and they're required to be "effective, proportionate, and dissuasive." For batteries, early national implementation drafts suggest fines in the range of 2-4% of annual EU turnover for serious or repeated violations.
But fines aren't the biggest risk. The real threat is market access. Products that don't carry a valid DPP when required simply cannot be legally placed on the EU market. Market surveillance authorities have enhanced powers under the ESPR, including the ability to conduct online mystery shopping and order product testing. The digital nature of the DPP makes non-compliance much easier to detect than under the old paper-based conformity regime.
For companies where the EU represents a significant revenue stream — and for many manufacturers, it's their largest market — losing market access isn't a fine to be budgeted. It's an existential risk.
Frequently Asked Questions
What is a digital product passport in simple terms?
A digital product passport is a digital ID card for a physical product. It stores verified information about what the product is made of, where it comes from, how to repair it, and how to recycle it. You access it by scanning a QR code on the product. The EU is making DPPs mandatory for most products sold in Europe, starting with batteries in February 2027, to combat greenwashing and support the circular economy.
Is the digital product passport mandatory?
Yes, but it's being phased in by product category. The ESPR regulation (EU 2024/1781) makes the DPP mandatory for all product categories covered by delegated acts. Batteries are first (mandatory from February 2027 under EU Regulation 2023/1542). Textiles are expected to follow in H2 2027, electronics in 2028. By 2030, most physical products sold in the EU will need a DPP. The regulation applies to all products sold on the EU market, regardless of where they're manufactured.
Does the digital product passport apply to non-EU companies?
Yes. Any product placed on the EU market must comply, regardless of where it's manufactured. If a non-EU company sells directly into Europe, it needs a DPP for its products. If it sells through an EU-based importer, the importer becomes the legally responsible party — but in practice, the manufacturer must provide the underlying data. Non-EU companies that can provide DPP-compatible data maintain their EU market access; those that can't risk being replaced by competitors who can.
How much does it cost to implement a digital product passport?
Implementation costs vary widely depending on company size, supply chain complexity, and existing data maturity. SMEs using a SaaS platform like DPP-Tool can get started for a few hundred euros per month. Larger enterprises with complex supply chains and custom integration requirements typically invest EUR 50,000 to EUR 250,000 or more. The biggest cost driver is usually supplier data collection and system integration — not the DPP platform itself. Starting early reduces costs significantly because you avoid the premium pricing and resource crunch that comes with last-minute compliance rushes.
What is the difference between a digital product passport and an energy label?
An energy label shows a single performance metric (energy efficiency class) for a specific product category. A digital product passport is far more comprehensive: it covers material composition, carbon footprint, repairability, substances of concern, recycling instructions, compliance records, and more. It's digital and machine-readable rather than a physical sticker. It also has multi-layered access — consumers, repair operators, recyclers, and regulators each see different data through the same QR code. Energy labels will continue to exist alongside DPPs, but the DPP goes much deeper.
Can I create a digital product passport myself or do I need a platform?
You can technically build your own DPP system, but it's rarely cost-effective. A compliant DPP requires a unique identifier system, a data carrier (QR code), an EU-compliant hosted registry with standardised APIs, access control layers, data versioning, and guaranteed availability for the product's lifecycle plus ten years. Building this in-house is a significant engineering project. For most companies — especially SMEs — using a purpose-built platform like DPP-Tool is faster, cheaper, and lower risk. You focus on your product data; the platform handles the technical infrastructure.