EU DPP Compliance FAQ

Frequently Asked Questions About EU Digital Product Passports

The EU Digital Product Passport is one of the most significant product compliance obligations to emerge in the last decade. The questions below address the regulatory framework, technical requirements, and practical steps manufacturers need to understand.

What is a Digital Product Passport?

A Digital Product Passport (DPP) is a structured digital record linked to a specific product that contains data about its composition, origin, environmental impact, repairability, and end-of-life handling. The DPP is accessible via a data carrier — typically a QR code — affixed to the product. It is defined in the Ecodesign for Sustainable Products Regulation (ESPR), Regulation (EU) 2024/1781, as a “product-specific set of data” that is “electronically accessible through a data carrier.”

Is the DPP mandatory?

Yes. Once a delegated act is adopted for a specific product category under the ESPR, the DPP becomes a mandatory legal requirement for placing that product on the EU market. Without a compliant DPP, the product cannot legally be sold in the EU. The Battery Regulation (Regulation (EU) 2023/1542) independently mandates a battery passport for certain battery categories.

When does the DPP become mandatory?

The timeline varies by product category. The battery passport under Regulation (EU) 2023/1542 applies from 18 February 2027 for industrial batteries and electric vehicle batteries with a capacity above 2 kWh. Under the ESPR, the Commission will adopt delegated acts for specific product categories on a rolling basis, with the first product groups expected to have DPP obligations from 2027-2028. Each delegated act will define the application date for its product category.

Which products need a DPP?

The ESPR has a broad scope covering virtually all physical products placed on the EU market, with limited exceptions for food, feed, and medicinal products (Article 1(2)). However, DPP requirements only become active when the Commission adopts a delegated act for a specific product category. Priority product categories identified by the Commission include textiles, electronics, batteries, furniture, construction products, and chemicals. The exact product-by-product timeline depends on the Commission’s work programme.

What data must a DPP contain?

Article 7(2) of the ESPR sets out the general data requirements, which include: a unique product identifier, the product’s Global Trade Item Number (GTIN), relevant compliance documentation, user manuals, safety instructions, information on the manufacturer, substances of concern (referencing REACH and CLP), carbon footprint data where applicable, material composition, repairability information, and end-of-life handling instructions. Each delegated act will specify the precise data elements for its product category, as the requirements differ between textiles, batteries, electronics, and other product groups.

Who is responsible for creating the DPP?

The economic operator who places the product on the EU market bears responsibility for creating and maintaining the DPP. Under Article 4 of the ESPR, this is typically the manufacturer, but it can also be the importer or authorised representative depending on the supply chain structure. Where a product is manufactured outside the EU, the importer who first places it on the EU market takes on the DPP obligation.

What is the ESPR?

The ESPR — Ecodesign for Sustainable Products Regulation, Regulation (EU) 2024/1781 — is the EU’s framework regulation for sustainable product design. It replaces and expands the original Ecodesign Directive (2009/125/EC), which applied only to energy-related products. The ESPR extends ecodesign requirements to nearly all physical products on the EU market and introduces the Digital Product Passport as a key compliance mechanism. It entered into force on 18 July 2024.

What is the EU Battery Regulation?

Regulation (EU) 2023/1542 — the EU Battery Regulation — governs the sustainability, safety, and lifecycle management of batteries placed on the EU market. It is the first EU regulation to mandate a Digital Product Passport (the “battery passport”) and serves as a precedent for how DPPs will work under the ESPR. Annex XIII of the Battery Regulation specifies the data requirements for the battery passport, and Article 77 establishes the access framework for that data.

How does the DPP relate to existing regulations like REACH, WEEE, and RoHS?

The DPP does not replace REACH (Regulation (EC) 1907/2006), WEEE (Directive 2012/19/EU), or RoHS (Directive 2011/65/EU). It complements them by requiring relevant compliance data to be included in the DPP. For example, SVHC data required under REACH Article 33 must appear in the DPP’s substance of concern section. WEEE collection and recycling information must be included where applicable. RoHS compliance status may be referenced. The DPP consolidates data that currently exists across multiple separate obligations into a single accessible record.

What is the EU Central DPP Registry?

Article 14 of the ESPR establishes the EU Central DPP Registry — a centralised database operated by the Commission that indexes all Digital Product Passports on the EU market. The registry stores the unique product identifier, links to the DPP data location, and supports the verification of economic operators. It does not host the DPP data itself; rather, it acts as a directory that connects product identifiers to the systems where DPP data is stored. The Commission will adopt implementing acts specifying the technical design and operation of the registry.

What is a GS1 Digital Link QR code?

A GS1 Digital Link is a standardised URI structure that encodes a product’s Global Trade Item Number (GTIN) into a web-resolvable URL. When encoded in a QR code, it allows a simple smartphone scan to resolve to the product’s Digital Product Passport. The ESPR references the use of data carriers that comply with ISO/IEC standards, and GS1 Digital Link is the leading candidate for DPP data carriers. It combines the established GS1 identification system with web accessibility, making it suitable for both supply chain scanning and consumer-facing DPP access.

Who can access DPP data?

Article 10 of the ESPR defines a three-tier access model. Tier 1 (public access) is available to anyone without authentication — this includes general product information, sustainability data, and consumer-relevant details. Tier 2 (persons of legitimate interest) requires authentication and covers professional repairers, recyclers, refurbishers, researchers, and other actors with a demonstrated need — this includes detailed material composition, dismantling instructions, and repair manuals. Tier 3 (market surveillance authorities) provides full access to all DPP data, including commercially sensitive information, for enforcement purposes.

How long must DPP data be retained?

Article 12(2) of the ESPR requires that DPP data remain accessible for at least 10 years after the last unit of the product has been placed on the market, unless a different period is specified in the applicable delegated act. For products with long lifespans, the delegated act may extend this period. The economic operator must ensure continued accessibility even if they change DPP service providers or cease trading. Data portability and long-term hosting obligations are addressed in Article 12(3).

What are the penalties for non-compliance?

Article 68 of the ESPR requires Member States to lay down penalties that are “effective, proportionate and dissuasive.” The specific penalties are defined in national legislation, not the ESPR itself, so they will vary across the 27 Member States. However, the consequence framework includes fines, product withdrawal from the market, import refusal by customs authorities, and — in the most serious cases — criminal liability under some Member State laws. The most immediate commercial consequence is loss of EU market access: a product without a compliant DPP cannot legally be placed on the market.

Can I use my existing ERP/PLM data?

In most cases, yes — partially. Your ERP and PLM systems likely already contain much of the data needed for the DPP: bill of materials, material specifications, supplier information, compliance certificates, and product identifiers. However, DPP data must be structured in the format specified by the applicable delegated act and the CEN-CENELEC technical standards. This typically requires mapping your internal data fields to the DPP data model, filling gaps (especially for substance of concern data and end-of-life instructions), and exporting in a machine-readable format. Traceable integrates with existing ERP and PLM systems to pull available data and identify gaps.

Do I need to collect data from my suppliers?

Yes. The DPP requires data that the manufacturer alone rarely possesses — particularly detailed material composition, substance of concern declarations, and recycled content percentages at the component level. Article 7(2)(b) of the ESPR explicitly includes substances of concern data that can only come from upstream suppliers. Manufacturers must establish data collection processes with their supply chain, including contractual requirements for timely and accurate material declarations. The earlier you start this process, the smoother the compliance effort.

What about GDPR and personal data in the DPP?

The DPP itself should not contain personal data — it describes products, not people. However, the access control system for persons of legitimate interest (Tier 2) necessarily processes personal data: names, professional credentials, and access logs. This processing falls under the GDPR (Regulation (EU) 2016/679). Recital 27 of the ESPR explicitly states that DPP processing must comply with data protection law. Manufacturers must ensure their DPP systems apply data minimisation, implement appropriate security measures, and maintain lawful bases for processing access-related personal data.

How do I get started with DPP compliance?

Start with three steps. First, identify whether your products fall within a product category for which a delegated act has been adopted or is expected — the Commission’s ESPR work programme lists priority product groups. Second, audit your existing data: map what you already have in ERP/PLM systems against the expected DPP data requirements, and identify gaps, especially in substance data and supply chain traceability. Third, engage your suppliers early — the data collection process takes months, and suppliers need time to compile accurate material declarations. Beginning this work 12-18 months before a delegated act’s application date is recommended.

What is Traceable and how does it help?

Traceable is an EU Digital Product Passport platform purpose-built for ESPR and Battery Regulation compliance. The platform manages the entire DPP lifecycle: data collection from suppliers, passport creation, GS1 Digital Link QR code generation, three-tier access control under Article 10, automated SVHC tracking against the ECHA Candidate List, and registration with the EU Central DPP Registry. Traceable integrates with existing ERP and PLM systems to minimise duplicate data entry and provides a regulatory monitoring service — Regulatory Radar — that alerts manufacturers when new delegated acts or Candidate List updates affect their products.

Where can I find the official regulation texts?

All EU regulations are published in the Official Journal of the European Union and available free of charge on EUR-Lex. The key texts are: Regulation (EU) 2024/1781 (ESPR) at eur-lex.europa.eu under CELEX number 32024R1781; Regulation (EU) 2023/1542 (Battery Regulation) under CELEX number 32023R1542; Regulation (EC) 1907/2006 (REACH) under CELEX number 32006R1907. ECHA publishes the SVHC Candidate List at echa.europa.eu/candidate-list-table. The Commission publishes DPP-related consultations and preparatory studies on its Ecodesign pages.

This guide reflects the regulatory position as of March 2026. Delegated acts, implementing acts, and technical standards for the Digital Product Passport are being developed on a rolling basis by the European Commission, CEN-CENELEC, and ECHA. Subscribe to Traceable’s Regulatory Radar for real-time updates as new requirements are published that affect your products and compliance obligations.