What Is a Digital Product Passport? The Complete Guide for EU Manufacturers

The Digital Product Passport is the most significant product transparency initiative the European Union has ever introduced. If you manufacture, import, or sell physical products on the EU market, this regulation will reshape how you document, disclose, and digitise product data.

This guide explains what a Digital Product Passport is, which regulations mandate it, what data it must contain, which products are affected first, and what manufacturers need to do now to prepare.

Definition: What Is a Digital Product Passport?

A Digital Product Passport (DPP) is a structured, machine-readable digital record that travels with a product throughout its entire lifecycle. It contains standardised data about a product’s origin, composition, environmental footprint, repairability, and end-of-life handling.

The DPP is not a voluntary sustainability badge. It is a legal compliance requirement established by EU regulation. Products subject to a DPP mandate cannot be placed on the EU market without one.

Each DPP is linked to a specific product or product batch through a unique identifier and accessed via a data carrier — typically a QR code — affixed to the product, its packaging, or its accompanying documentation. Anyone who scans the QR code can access the public tier of the passport. Regulated authorities can access restricted data tiers through authenticated channels.

Legal Basis: The Regulations Behind the DPP

The Digital Product Passport is not established by a single regulation. Two major EU legislative instruments create DPP obligations, each covering different product categories and timelines.

Ecodesign for Sustainable Products Regulation (ESPR) — Regulation (EU) 2024/1781

The ESPR is the horizontal framework regulation. Published in the Official Journal on 28 June 2024, it entered into force on 18 July 2024. Articles 9 through 12 of the ESPR establish the legal framework for Digital Product Passports across nearly all physical products placed on the EU market.

The ESPR does not immediately require DPPs for specific products. Instead, it empowers the European Commission to adopt delegated acts that define product-specific DPP requirements. Each delegated act will specify the exact data fields, format requirements, and compliance deadlines for a given product category.

EU Battery Regulation — Regulation (EU) 2023/1542

The Battery Regulation is the first sectoral regulation to mandate a Digital Product Passport. Article 77 of Regulation (EU) 2023/1542 requires a battery passport for industrial batteries with a capacity above 2 kWh, electric vehicle (EV) batteries, and light means of transport (LMT) batteries.

The battery passport becomes mandatory on 18 February 2027. This makes the battery passport the first DPP obligation to take effect under EU law and the reference implementation for all subsequent product passports.

What Data Does a Digital Product Passport Contain?

A DPP is not a single document. It is a structured dataset containing multiple categories of product information. The exact data fields vary by product category and are defined in the applicable delegated act or sectoral regulation. However, the ESPR framework establishes common categories that apply broadly.

Product Identity and Traceability

• Unique product identifier (at the item, batch, or model level)
• Global Trade Item Number (GTIN) or equivalent
• Manufacturer name, registered trade name, and contact details
• Manufacturing facility location
• Product model and batch or serial number

Environmental Footprint

• Carbon footprint across the product lifecycle (cradle-to-grave or cradle-to-gate, as specified)
• Energy consumption during use phase
• Environmental impact category results calculated per Product Environmental Footprint (PEF) methodology

Material Composition and Substances of Concern

• Bill of materials at the component level
• Substances of concern present in the product (name, CAS number, concentration, location within the product)
• Substances subject to REACH restrictions or candidate list inclusion
• Recycled content percentage by material type

Circularity and End-of-Life Information

• Recyclability score or disassembly instructions
• Spare part availability and expected delivery time
• Repair and maintenance instructions
• Safe disposal or take-back information

Compliance Declarations

• EU Declaration of Conformity
• CE marking information
• Applicable harmonised standards
• Notified body involvement (where applicable)
• Links to supporting test reports or certificates

For the battery passport specifically, Annex XIII of Regulation (EU) 2023/1542 defines 111 mandatory data points across six categories. This is the most granular DPP specification published to date and serves as a benchmark for the level of detail manufacturers should expect from future ESPR delegated acts.

Which Products Need a Digital Product Passport?

The scope of DPP requirements will expand in phases over the coming years. Not all products are affected immediately, but the direction is clear: the EU intends to require DPPs for nearly all physical products on its market.

Batteries (First Movers — February 2027)

Under Regulation (EU) 2023/1542, battery passports are required from 18 February 2027 for industrial batteries exceeding 2 kWh capacity, EV batteries, and LMT batteries. This is the first binding DPP deadline.

ESPR Priority Product Categories

The European Commission has identified priority product categories for the first wave of ESPR delegated acts. These include:

• Textiles and footwear
• Furniture
• Iron and steel
• Aluminium
• Tyres
• Electronics and ICT equipment
• Detergents
• Paints and varnishes
• Lubricants and greases

Delegated acts for these categories are expected between 2025 and 2028. The DPP compliance deadlines within each delegated act will typically provide a transition period of 18 to 36 months after publication. This means the first ESPR-based DPPs are likely to become mandatory between 2028 and 2030.

Broader Scope

The ESPR framework covers nearly all physical products placed on the EU market. Exceptions are narrow: food, animal feed, medicinal products for human or veterinary use, living plants and animals, and products of human origin are excluded. Motor vehicles covered by existing type-approval regulations are also excluded. Beyond these carve-outs, any physical product could eventually require a DPP once a delegated act is adopted for its category.

Timeline and Key Deadlines

Understanding the sequencing of DPP obligations is critical for resource planning. The timeline is staggered, but the first hard deadline is less than a year away.

• 17 August 2023: EU Battery Regulation (2023/1542) enters into force
• 18 July 2024: ESPR (2024/1781) enters into force
• February 2025: Carbon footprint declaration required for EV and industrial batteries >2 kWh (Battery Regulation, Article 7)
• August 2026: Carbon footprint performance classes apply to EV and industrial batteries >2 kWh
• 18 February 2027: Battery passport mandatory for industrial batteries >2 kWh, EV batteries, and LMT batteries
• 2025-2028: European Commission adopts ESPR delegated acts for priority product categories
• 2028-2030 (estimated): First ESPR-based DPPs become mandatory, depending on delegated act timelines
• Ongoing: EU Central DPP Registry becomes operational; additional product categories are added via new delegated acts

Who Is Responsible for Creating a DPP?

Responsibility for creating and maintaining a Digital Product Passport falls on the economic operator who places the product on the EU market. In most cases, this is the manufacturer. However, the obligations extend to other actors in the supply chain under specific circumstances.

Manufacturers

The manufacturer bears primary responsibility. They must create the DPP, populate it with accurate and complete data, link it to a data carrier on the product, and register it with the EU Central DPP Registry. The manufacturer must ensure the DPP remains accessible for the period specified in the applicable delegated act — typically the expected lifetime of the product plus ten years.

Importers

When a product is manufactured outside the EU, the importer who places it on the EU market must verify that a valid DPP exists and that it meets all applicable requirements. If the manufacturer has not created a compliant DPP, the importer cannot legally place the product on the market.

Authorised Representatives

A non-EU manufacturer may appoint an authorised representative established in the EU to fulfil certain DPP obligations on their behalf. The authorised representative’s details must be included in the DPP. However, the underlying data accuracy obligation remains with the manufacturer.

The Data Carrier Requirement

Every DPP must be accessible through a data carrier affixed to the product, its packaging, or its accompanying documentation. The data carrier is the physical link between the product and its digital record.

The ESPR framework, under Article 9(3), specifies that the data carrier must be a QR code. The QR code must comply with ISO/IEC 18004. The data encoded in the QR must follow the GS1 Digital Link standard, which allows a single QR code to resolve to multiple destinations depending on the context of the scan.

The GS1 Digital Link standard is critical. It ensures global interoperability across supply chains, customs systems, and market surveillance tools. A DPP QR code scanned in Germany must resolve to the same structured data as one scanned in Portugal or at an EU customs checkpoint.

The QR code must remain scannable and legible for the expected lifetime of the product. Manufacturers must consider durability when selecting printing or engraving methods, particularly for products exposed to abrasion, chemicals, or outdoor conditions.

Access Tiers: Who Can See What

Not all DPP data is publicly visible. The ESPR establishes a tiered access model that controls which data is available to which audience. This is defined in Article 10 of Regulation (EU) 2024/1781.

Public Access

Certain data fields are accessible to anyone who scans the QR code. This includes basic product identity information, environmental performance data, repair and maintenance instructions, and safe disposal guidance. The public tier is designed to inform consumers and downstream users.

Persons with a Legitimate Interest

A second tier of data is accessible only to persons with a legitimate interest. This category includes repairers, remanufacturers, recyclers, and researchers. Access requires authentication. The data in this tier may include more detailed material composition, disassembly sequences, and component-level information needed for professional repair or recycling operations.

Market Surveillance and Customs Authorities

The most restricted tier is reserved for market surveillance authorities and customs authorities. This tier may include commercially sensitive data such as supplier identities, detailed supply chain traceability, and raw test data. Access is controlled through the EU Central DPP Registry’s authentication infrastructure.

Manufacturers must implement all three access tiers correctly. A DPP that exposes restricted data publicly or that blocks legitimate access to authorised parties is non-compliant.

The EU Central DPP Registry

Article 12 of the ESPR mandates the creation of a centralised EU registry for all Digital Product Passports. The EU Central DPP Registry will serve as the single point of access for market surveillance authorities and customs systems across all Member States.

The registry will not host the actual DPP data. Instead, it will store the unique identifiers and resolve them to the DPP hosted by the manufacturer or their DPP service provider. Think of it as a lookup directory: given a product identifier, the registry returns the location of the DPP and facilitates authenticated access to restricted data tiers.

The European Commission is responsible for building and operating the registry. Implementing acts will define the technical specifications, data exchange protocols, and onboarding procedures. Manufacturers will be required to register every DPP they create with this central registry before placing the product on the market.

The registry infrastructure is still under development. However, manufacturers should design their DPP systems to be registry-compatible from day one. Retrofitting registry integration after the fact is significantly more costly than building it in from the start.

How to Get Started: Practical Steps for Manufacturers

Preparing for DPP compliance is not a last-minute exercise. The data collection, system integration, and supply chain coordination required takes 12 to 24 months for most manufacturers. Here is a practical roadmap.

1. Identify Your Regulatory Exposure

Determine which of your products fall under the Battery Regulation or the ESPR priority product categories. Map each product line to the applicable regulation and track the delegated act development process for your category.

2. Conduct a Data Gap Analysis

Compare the data fields required by the applicable regulation or delegated act against the data you currently hold. Most manufacturers find significant gaps in environmental footprint data, substance of concern reporting, and supply chain traceability. Identifying these gaps early is essential.

3. Engage Your Supply Chain

Much of the data required for a DPP originates upstream in the supply chain. Raw material sourcing, component-level composition data, and sub-assembly environmental footprints must be collected from suppliers. Begin formalising data-sharing agreements and contractual requirements with key suppliers now.

4. Select a DPP Platform

A DPP is a digital infrastructure requirement, not a one-off document. You need a platform that can create, host, manage, and update DPPs at scale across your product portfolio. The platform must support the mandated data formats, QR code generation compliant with GS1 Digital Link, tiered access control, and integration with the EU Central DPP Registry. Traceable provides this infrastructure, purpose-built for EU regulatory compliance.

5. Implement and Test

Begin with a pilot product line. Create DPPs, generate QR codes, test scanning workflows, and validate data completeness against the regulatory requirements. Iterate before scaling to your full product portfolio.

Penalties for Non-Compliance

The consequences of failing to comply with DPP requirements are concrete and enforceable.

Under the ESPR, market surveillance authorities in each Member State have the power to withdraw non-compliant products from the market, prohibit their placement on the market, and impose financial penalties. Article 68 of the ESPR requires Member States to lay down rules on penalties that are effective, proportionate, and dissuasive.

The Battery Regulation carries similar enforcement provisions. Article 76 empowers market surveillance authorities to take corrective action against batteries placed on the market without a compliant battery passport.

Beyond regulatory penalties, non-compliance creates immediate commercial risk. EU customs authorities will have access to the DPP registry. Products arriving at EU borders without a registered DPP can be held, inspected, and refused entry. For manufacturers with complex international supply chains, a customs hold can disrupt deliveries across the entire EU market.

There is also reputational risk. The public tier of the DPP is visible to consumers, competitors, and advocacy groups. A missing or incomplete DPP signals to the market that a manufacturer is not meeting its regulatory obligations.

The Strategic Opportunity

Compliance is the minimum. Manufacturers who treat the DPP as a strategic asset rather than a regulatory burden gain advantages that extend far beyond avoiding penalties.

A well-structured DPP provides full visibility into your product’s lifecycle. It enables data-driven decisions about material selection, supplier performance, and design-for-circularity. It gives your sales and marketing teams verified sustainability claims backed by auditable data. It positions your brand as a leader in transparency at a time when procurement decisions increasingly favour suppliers who can demonstrate compliance.

The manufacturers who invest in DPP infrastructure now will be ready when delegated acts are published. Those who wait will face compressed timelines, higher costs, and the risk of missing compliance deadlines.

Frequently Asked Questions

Is a Digital Product Passport the same as an EPD?

No. An Environmental Product Declaration (EPD) is a voluntary disclosure based on ISO 14025. A DPP is a mandatory regulatory requirement with a defined data structure, access control model, and enforcement mechanism. A DPP may reference or incorporate EPD data, but the two are distinct instruments.

Does the DPP apply to products sold outside the EU?

The DPP requirement applies to products placed on the EU market. If you manufacture a product exclusively for non-EU markets, it is not subject to the DPP mandate. However, if the same product model is sold in the EU and elsewhere, the EU-bound units must have compliant DPPs.

Can I use an existing PLM or ERP system as my DPP?

PLM and ERP systems contain much of the data a DPP requires. However, they are not designed to serve as externally accessible, standards-compliant DPP endpoints. You will need a DPP platform that can ingest data from your internal systems and publish it in the mandated format with proper access controls and registry integration. Traceable integrates with existing enterprise systems to bridge this gap.

How long must a DPP remain accessible?

The ESPR specifies that DPPs must remain accessible for the expected lifetime of the product plus an additional period defined in the applicable delegated act. For long-lifecycle products such as industrial equipment or construction materials, this could mean decades of data hosting and availability.

This guide reflects the regulatory position as of March 2026. EU regulations, delegated acts, and implementing measures are subject to ongoing development. Subscribe to Regulatory Radar on traceable.digital for timely updates on DPP requirements, delegated act progress, and compliance deadlines as they evolve.