Every conversation about Digital Product Passports eventually hits the same wall. Not the regulation complexity. Not the data format requirements. Not the QR codes or GS1 Digital Links.
The wall is supplier data.
The real bottleneck
A battery manufacturer does not generate most of the data required for a Digital Product Passport internally. The electrochemical composition comes from the cell supplier. The raw material sourcing data comes from the cathode and anode suppliers. The recycled content percentages come from material processors upstream. The carbon footprint of precursor materials comes from chemical suppliers who may be three or four tiers removed.
Regulation 2023/1542 Annex XIII requires data that spans the entire supply chain. No single company holds it all. That means every manufacturer is dependent on every supplier in their chain responding with accurate, structured, regulation-compliant data.
This is where the current approach breaks down completely.
How supplier data collection works today
A compliance manager creates a spreadsheet template. The template lists the data fields required from each supplier tier. The spreadsheet gets emailed to the procurement contact at each supplier. Then the waiting begins.
Tier 1 suppliers — the ones with direct commercial relationships — respond within weeks if the manufacturer has leverage. But the data is often incomplete. The supplier filled in what they could and left the rest blank. Or they interpreted the field labels differently. Or they provided data in units that do not match the regulation requirements.
Tier 2 and Tier 3 suppliers are worse. The manufacturer often does not have a direct relationship with them. The request goes through their Tier 1 supplier, who forwards it, who waits, who follows up, who eventually gets a partial response. This process takes months.
Multiply this across 20-50 suppliers per product. Multiply again across every SKU. The scale of the coordination problem becomes clear.
Why spreadsheets cannot solve this
The spreadsheet approach has a structural problem that no process improvement can fix: every data request is isolated.
When Supplier A provides cathode composition data to Manufacturer X, that data exchange is a one-time, bilateral transaction. When Manufacturer Y needs the same data from Supplier A for a different battery product, the entire process starts again. Same supplier. Same data. New spreadsheet. New email chain. New waiting period.
This is absurd. The data does not change between customers. The cathode chemistry is the cathode chemistry. The carbon footprint of a specific material grade is the same regardless of who is asking.
But in a spreadsheet-based world, there is no mechanism for this data to carry over. Every manufacturer-supplier pair is an island.
The compounding data network
The alternative is a shared infrastructure where supplier data compounds across the ecosystem.
Here is how it works in practice. Supplier A onboards to the platform and provides their material composition data, certificates, and declarations. That data is structured, validated against regulation requirements, and stored with the supplier’s control over who can access it.
When Manufacturer X requests data from Supplier A, it is already there. When Manufacturer Y requests the same data, it is already there. The supplier submitted once. Two manufacturers got compliant.
Now scale that. When Supplier A has submitted data to serve 10 manufacturers, the 11th manufacturer who uses Supplier A gets their data pre-populated on day one. No spreadsheet. No email. No waiting.
This is the compounding effect. Every new manufacturer on the platform brings their suppliers. Every supplier who submits data makes it faster for the next manufacturer. The 100th company onboards faster than the first.
What about data privacy
The immediate objection is confidentiality. Suppliers do not want their proprietary data shared indiscriminately. That concern is valid and any serious infrastructure must address it.
The model is permission-based. Suppliers control exactly which data points are shared with which manufacturers. Commercially sensitive information — pricing, volumes, proprietary formulations — stays private. Regulation-required data — material composition within mandated thresholds, recycled content percentages, due diligence declarations — is shared with authorised customers only.
This mirrors how the physical supply chain already works. A cathode supplier provides a certificate of analysis to every customer. The certificate contains the same data. The DPP data model works the same way — except digitally, instantly, and without the email chains.
The AI layer
Supplier data rarely arrives in the right format. Certificates of analysis come as PDFs. Test reports come as scanned documents. Declarations come as Word files with inconsistent formatting.
An AI-native platform handles this automatically. Suppliers upload their existing documents — the ones they already produce for quality management and customer qualification. The AI reads the documents, extracts the structured data, maps it to the correct regulation fields, and flags anything missing or inconsistent.
The supplier does not need to learn a new data entry system. They upload what they already have. The platform does the rest.
The window is closing
The manufacturers who will meet the February 2027 deadline are not the ones with the biggest compliance budgets. They are the ones whose suppliers are already on a shared data network.
Starting supplier data collection today with spreadsheets means finishing — optimistically — in Q4 2026. Starting with a compounding data network means finishing in weeks.
The supplier data problem is real. But it is a solved problem if you build on the right infrastructure.
