DPP Compliance Checker: Is Your Business Ready for EU Digital Product Passport Requirements?
Most manufacturers I talk to underestimate how much internal work DPP compliance actually requires. It is not a software problem you solve by purchasing a tool — though the right tool helps. The harder part is data: knowing what information you have, what is missing, and who in your supply chain is responsible for what. This compliance checker walks you through the eight dimensions of DPP readiness that regulators will assess.
What DPP Compliance Actually Means Under ESPR 2024/1781
The ESPR regulation (EU 2024/1781) establishes the legal framework for Digital Product Passports across all product categories sold in the European market. Compliance is not binary — it has layers that apply at different stages: design, manufacturing, import, distribution, and end-of-life.
Understanding which layer applies to your business is the starting point. A manufacturer bears primary responsibility for creating the DPP and populating it with accurate data. An importer becomes the responsible economic operator when the manufacturer is outside the EU. A distributor must verify the DPP exists and is accessible — but does not create it. Your obligations depend entirely on your role in the supply chain.
| Role | Primary Obligation | Deadline Trigger |
|---|---|---|
| EU Manufacturer | Create DPP, assign unique identifier, register in EU Registry | Before placing product on market |
| Non-EU Manufacturer | Appoint EU authorised representative or ensure importer compliance | Before first EU sale |
| EU Importer | Verify DPP accuracy; become responsible operator if manufacturer non-compliant | At point of import |
| EU Distributor | Verify DPP presence and data carrier accessibility | Before making product available |
| Retailer | Ensure QR code/NFC is intact and scannable at point of sale | Ongoing |
The 8-Dimension DPP Compliance Checklist
Work through each dimension below. Be honest — partial readiness is more dangerous than acknowledged gaps, because it creates a false sense of security that delays real preparation.
Dimension 1: Do Your Products Fall Under a DPP Delegated Act?
The ESPR framework does not apply to all products simultaneously. Delegated acts are published sector by sector, each with its own mandatory data fields and deadline. Before spending any resource on DPP infrastructure, confirm which of your product categories are covered and when.
| Product Sector | DPP Mandatory From | Key Regulation |
|---|---|---|
| Batteries & Accumulators (>2 kWh, EV, industrial) | 18 February 2027 | EU Regulation 2023/1542 |
| Textiles & Footwear | Mid-2027 (delegated act pending) | ESPR 2024/1781 |
| Electronics & ICT Equipment | Q1 2028 | ESPR 2024/1781 |
| Furniture | Mid-2028 | ESPR 2024/1781 |
| Construction Products | Early 2029 | ESPR 2024/1781 + CPR revision |
| Iron, Steel & Aluminium | 2029–2030 | ESPR 2024/1781 |
Check: Have you mapped every product line against this table? If a product sits across two categories (e.g. a battery-powered e-bike), the stricter deadline applies.
Dimension 2: Unique Identifier Infrastructure
Every DPP-covered product unit requires a persistent, globally unique identifier. The regulation mandates compatibility with GS1 Digital Link standards — which means your existing EAN/GTIN barcodes can serve as the basis, but they need to resolve to a live DPP data endpoint, not just a product page.
Questions to answer for this dimension:
- Do you currently assign serial numbers or batch identifiers at the unit level (not just SKU level)?
- Are those identifiers GS1-compliant (GTIN-based) or do they use a proprietary format?
- Can your identifiers be embedded in a 2D barcode (QR or DataMatrix) that links to a URL resolving to DPP data?
- Who controls the identifier namespace — you, a third-party ERP vendor, or a contract manufacturer?
If the answer to question 4 is "contract manufacturer," you have a dependency risk. The DPP obligation falls on the economic operator placing the product on the EU market — which may not be the entity that controls the identifier.
Dimension 3: Data Completeness Against Sector-Specific Fields
This is where most readiness assessments reveal the most gaps. Each delegated act specifies exact mandatory data fields. The battery passport, for instance, requires carbon footprint per functional unit, recycled content by material, state of health parameters, and supply chain due diligence documentation. A generic "sustainability report" does not satisfy these requirements.
Run this check for each product category:
- Download the relevant delegated act (or use the DPP requirements checklist as a starting point)
- List every mandatory data field
- For each field, identify: do you have this data today? If yes, in what system? If no, what would it take to produce it?
- Classify each gap as: (a) data exists but not in digital format, (b) data requires supplier input, (c) data requires new measurement/testing, (d) data requires third-party verification
Category (c) and (d) gaps take the longest to close. Testing carbon footprint per functional unit for a complex manufactured product typically requires 4–8 months of LCA work. If your deadline is February 2027, that timeline is already tight.
Dimension 4: Physical Data Carrier Compliance
The data carrier is the physical mechanism that connects the product to its DPP — typically a QR code, RFID tag, or NFC chip printed on or attached to the product or its packaging. The ESPR regulation specifies that the carrier must:
- Be legible throughout the product's entire useful life (not just at point of sale)
- Be accessible without special tools for consumer-tier data
- Comply with ISO/IEC standards for data carriers
- Link to a URL that resolves to the DPP data — not just a product marketing page
A QR code printed on paper packaging that deteriorates within months does not satisfy the durability requirement for products with a 10-year expected lifespan. For durable goods — furniture, appliances, batteries — you need to think carefully about carrier substrate and placement. Engraved QR codes, RFID inlays in product labels, or NFC chips embedded in packaging are all used in practice.
Dimension 5: EU DPP Registry Registration
The European Commission is building a central EU DPP Registry, scheduled to launch in July 2026. Before a DPP-covered product can be placed on the EU market after the relevant delegated act deadline, its unique identifier must be registered in this registry. The registry does not store the DPP data itself — it stores the resolver: the mapping from identifier to the endpoint where data is held.
What this means practically: your DPP infrastructure must be able to export registration data to the EU Registry API in the format the Commission specifies. That API specification is being finalised now. Monitoring the Commission's CIRPASS-2 project outputs is the best way to stay current on technical requirements.
Check: Have you assigned someone in your organisation to monitor the EU DPP Registry technical specifications? This is not a "set and forget" decision — the technical requirements will evolve before the first deadline.
Dimension 6: Three-Tier Access Control Implementation
ESPR mandates that DPP data be accessible at three different access levels, each with different data visibility:
| Access Tier | Who Can Access | Data Visible |
|---|---|---|
| Public (Consumer) | Anyone with data carrier (QR code scan) | Sustainability info, repairability, materials summary |
| Economic Operator | Businesses in the value chain (authenticated) | Full product data, supply chain information, conformity docs |
| Market Surveillance / Enforcement | National competent authorities (EU credentials) | All data including confidential commercial information |
Most SMEs underestimate the technical complexity of this requirement. You need an access control system that can serve different data payloads to different authenticated parties via the same QR code resolver. This is not something you build in a spreadsheet.
Dimension 7: Supply Chain Data Collection Processes
A significant portion of the data required for a DPP does not originate with the manufacturer — it comes from upstream suppliers. Carbon footprint data requires supplier-level emissions data. Recycled content figures require material certificates. Due diligence declarations require supplier audit documentation.
Building the data collection processes is often the longest lead-time item in DPP readiness. Supplier onboarding, data format standardisation, verification workflows — these require contractual changes, supplier training, and usually a technical interface (API or data portal) through which suppliers submit information.
If you have a supply chain with 50+ first-tier suppliers and hundreds of second-tier suppliers, plan 12–18 months for this work. Starting after the delegated act is published leaves you without enough runway.
Dimension 8: Ongoing Update and Data Quality Obligations
A DPP is not a one-time document. The regulation requires that data be updated when product information changes — new suppliers, revised carbon footprint calculations, updated repair instructions, changed material composition. This creates a long-tail operational obligation that many businesses fail to plan for.
Who in your organisation will own DPP data quality after launch? What is the process for updating a DPP when a supplier changes a component? What happens to DPPs for products that have already been sold when the underlying data changes? These questions need answers before go-live, not after.
How to Score Your DPP Readiness
Rate each of the 8 dimensions above on a 0–3 scale:
- 0 — Not started: No work has been done on this dimension
- 1 — Assessed: You understand the requirement and have documented the gap
- 2 — In progress: Active work underway, timeline confirmed
- 3 — Complete: Requirement met and tested in production
A total score of 24 means full readiness. A score below 16 with less than 18 months to your sector deadline is a significant risk indicator. Scores below 8 with less than 24 months to deadline suggest immediate escalation is needed — this is a board-level risk, not an IT project.
The Three Gaps That Delay Compliance Most
After working through DPP readiness with dozens of manufacturers, three gaps come up more than any others:
Gap 1: Carbon footprint data. Manufacturers know they need product carbon footprint data but have never done a product-level LCA. Organisation-level carbon footprints (Scope 1, 2, 3) are not the same thing and do not satisfy DPP requirements. Product LCAs require primary data from suppliers, which requires supplier cooperation that takes time to secure.
Gap 2: Identifier infrastructure at unit level. Many manufacturers track products at batch or SKU level, not at individual unit level. The DPP requires unit-level identifiers for certain product categories (batteries, specifically). Retrofitting unit-level serialisation into manufacturing lines is a non-trivial operational change.
Gap 3: Legal entity responsibility mapping. In complex corporate structures — holding companies, subsidiaries, contract manufacturers, brand licensees — it is often genuinely unclear who is the "manufacturer" for ESPR purposes. Getting legal clarity on this is not optional; it determines who bears criminal liability for non-compliance.
How DPP-Tool Helps Close the Gaps
The DPP-Tool free tier lets you create your first Digital Product Passport in under 10 minutes — without any technical integration. This is useful for two things: first, understanding what a compliant DPP actually looks like in practice; second, creating pilot passports for specific products while your broader infrastructure comes together.
For SMEs manufacturing fewer than 500 products, DPP-Tool can serve as your complete DPP infrastructure — no custom integration required. For larger manufacturers, the DPP-Tool API connects to existing ERP and PLM systems so you can generate passports programmatically from your existing product data.
The tool handles unique identifier generation (GS1 Digital Link compliant), QR code creation, three-tier access control, and the public passport page that QR codes resolve to. What it does not replace is the upstream data work: collecting the right information from your supply chain, running the LCA calculations, getting supplier certificates. That work is yours regardless of which DPP platform you choose.
Frequently Asked Questions
How long does DPP compliance take to implement?
For a simple product with limited supply chain complexity, a basic DPP can be created in days using a tool like DPP-Tool. Full compliance — including supply chain data collection, LCA carbon footprint measurement, and EU Registry registration — typically takes 12 to 24 months for manufacturers with complex supply chains. Battery manufacturers targeting the February 2027 deadline should already be in active implementation.
What happens if my product is not DPP-compliant by the sector deadline?
Products without a valid DPP cannot legally be placed on the EU market after the applicable delegated act deadline. National market surveillance authorities can issue fines, require product withdrawal, and publish non-compliance findings publicly. Penalty amounts are set by member states, but the ESPR framework requires them to be "effective, proportionate, and dissuasive" — in practice, fines in the €50,000 to €500,000 range for repeated or significant violations.
Does DPP compliance apply to products already on the market before the deadline?
The DPP obligation applies to products "placed on the market" after the relevant deadline. Products that were already sold before the deadline are generally not required to be retrofitted with a DPP. However, products manufactured before the deadline but held in inventory and sold after it may need to comply — the critical moment is when the product is first placed on the EU market, not when it is manufactured.
Can SMEs get a simplified DPP process?
The ESPR regulation does not formally exempt SMEs from DPP requirements, but the Commission has committed to providing simplified procedures and reduced data requirements for micro-enterprises (under 10 employees, under €2M turnover). Delegated acts are expected to include SME-specific provisions for mandatory data fields. In practice, SMEs with a limited product range and simple supply chains can achieve compliance at significantly lower cost than large manufacturers.
What is the EU DPP Registry and when does it launch?
The EU DPP Registry is a central Commission-operated system that maps unique product identifiers to the data endpoints where DPP information is stored. It does not store product data directly — it functions as a resolver directory. The Registry is scheduled to launch in July 2026, before the first mandatory DPP deadline in February 2027 for batteries. Registration in the EU Registry will be a prerequisite for placing DPP-covered products on the EU market.
Ready to Create Your First DPP?
Start with a free Digital Product Passport for up to 3 products. No technical setup required — create a compliant DPP with QR code and public passport page in under 10 minutes.
Create Your Free DPP Now